Poland Faced a Surge in Cyberattacks in 2025, Including a Major Assault on the Energy Sector

SecurityWeek, Mar 24, 2026

Why It Matters

The breach underscores the growing risk of state‑sponsored cyber sabotage to critical infrastructure, prompting NATO allies to rethink collective deterrence and resilience strategies.

Key Takeaways

  • 270,000 cyberattacks hit Poland in 2025.
  • Energy sector attack targeted 500,000 heat customers.
  • Attack linked to Russian groups Dragonfly and Sandworm.
  • First destructive energy cyber‑attack among NATO members.
  • Poland accelerating cyber defense under Prime Minister Tusk.

Pulse Analysis

Poland’s cyber landscape shifted dramatically in 2025, with the nation reporting roughly 270,000 intrusion attempts—2.5 times the volume recorded in 2024. The spike mirrors a continent‑wide escalation as Russian‑linked actors intensify campaigns against critical infrastructure in response to NATO’s support for Ukraine. Analysts note that the surge is not merely quantitative; attackers are employing more sophisticated toolchains, leveraging supply‑chain vulnerabilities and zero‑day exploits. This trend underscores the growing convergence of geopolitical conflict and digital warfare, forcing European governments to treat cyber incidents as extensions of conventional security threats.

The most alarming episode unfolded on December 29, when coordinated malware crippled a combined heat‑and‑power plant serving nearly half a million households, alongside several wind and solar farms. Unlike typical ransomware strikes that chase financial gain, the intrusion deployed data‑wiping code designed to disrupt operations, a hallmark of state‑sponsored sabotage. Forensic analysis by CERT Polska traced command‑and‑control infrastructure to domains previously used by the Dragonfly (Static Tundra) group, while ESET’s malware assessment pointed to Sandworm techniques. The dual attribution highlights the blurred lines between Russian intelligence services and proxy cyber‑crime units, complicating diplomatic attribution.

In response, Prime Minister Donald Tusk’s administration has accelerated a multi‑layered cyber‑defense strategy, expanding public‑private information sharing, boosting funding for the national Computer Emergency Response Team, and aligning Poland’s security posture with NATO’s Cooperative Cyber Defence Centre of Excellence. The episode also serves as a wake‑up call for the alliance, prompting discussions on collective deterrence measures and the possible designation of destructive cyber‑attacks as acts of war. As European energy grids become increasingly digitized, the Polish case illustrates the urgent need for resilient architecture, rapid incident response, and coordinated intelligence to mitigate future state‑backed cyber aggression.
