Poland's energy grid was targeted by never-before-seen wiper malware

Posted by Bender 9 hours ago

Comments

Comment by altern8 7 hours ago

If you're looking for what the damage was, it failed.

Potential damage: "Most notable was one [attack] in Ukraine in December 2015. It left roughly 230,000 people without electricity for about six hours during one of the coldest months of the year."

Comment by TheDauthi 4 hours ago

My first pass through the title was "Those windshield wipers shouldn't need to be internet-connected."

Thankfully, the article did clear that up, but the fact that my brain didn't even think, "that's a stupid idea that no one would buy that" is a bit depressing.

Comment by canada_dry 58 minutes ago

Assuming that Ukraine cyber attacks (novel/0-day) on the Russian energy grid must be happening, I don't often hear of this happening there.

Why not?? Is Russia's grid infrastructure so old as to not be as vulnerable?

Comment by United857 1 hour ago

Curious as to how these attacks work logistically. I assume these networks are air-gapped?

Comment by csomar 1 hour ago

The Jaguar hack cost the UK $2.5Bn and dropped production to levels you'd normally only see during open warfare. Recovery took many months, and the financial damage persists today.

We still operate with a primitive homunculi where a gunshot is considered aggressive, but sabotaging infrastructure that can kill hundreds from cold is being waved at.

Comment by tartoran 2 hours ago

Hybrid war on Europe.

Comment by HPsquared 7 hours ago

For what purpose? Cui bono?

Comment by general1465 7 hours ago

Poland is a major logistical hub for everything going towards Ukraine. Thus targeting basic infrastructure like the energy grid or railroad has to be expected.

On the bright side, using this weapon-grade malware is burning exploits and also showing the current state and techniques of Russian cyberwarfare, which defenders can learn a lot from.

Comment by WhyNotHugo 4 hours ago

> On the bright side, using this weapon-grade malware is burning exploits and also showing the current state and techniques of Russian cyberwarfare, which defenders can learn a lot from.

Or perhaps they used an already-known malware to measure defensive capabilities without showing any of their cards.

Comment by mrtesthah 10 minutes ago

You'd think it would've been done during the summer or some other time when that wouldn't matter then.

Comment by msuniverse2026 42 minutes ago

Interesting that Russia still hasn't targeted the bridges going into Ukraine from Poland for some reason.

Comment by wolvesechoes 26 minutes ago

What bridges?

Comment by breve 7 hours ago

Russia is at war with Europe.

Comment by dijit 7 hours ago

Before anyone jumps on the pedantry bandwagon, it's worth noting that even though open war hasn’t been called: the attacks on infrastructure, especially cyber warfare, are extremely active and, crucially, direct.

It is totally fair to say that in a digital context, Russia is absolutely at war with Europe.

As far as I can tell, they don’t even try to hide it.

Comment by reactordev 7 hours ago

Not to mention the information war they have been waging globally since 2016

Comment by naryJane 5 hours ago

True, but they’ve certainly been doing it much longer than ten years. I’ll never forget this headline [0] that struck me as purely devilish, especially in the lead up to the 2016 presidential election. Combine that with the knowledge that Trump has been anti-NATO since the 1980s [1]. Who knows how long Russia has been nudging him along. Who knows how many avenues they traverse? Take for example the letter to Senator Tom Cotton about Greenland [2]. What an embarrassment. I can only hope we are equally successful in our own PsyOps.

[0] https://www.rt.com/news/265399-putin-nato-europe-ukraine-ita...

[1] https://www.buzzfeednews.com/article/ilanbenmeir/that-time-t...

[2] https://monitoring.bbc.co.uk/product/c2018djo

Comment by reactordev 3 hours ago

You don’t remember Trump Moscow? Ivanka? Trump and Russian connections go all the way back to Epstein’s early days.

Comment by mrtesthah 8 minutes ago

Comment by cookiengineer 5 hours ago

Some could say that in the cyber realm, they are not petty, ya! Well, or something like that.

Ever since NotPetya and the Colonial Pipeline hack, the cyber strategy game changed a lot. NotPetya was genius as a deployment, because they abused the country's tax software deployment pipeline to cripple all (and I mean all, beyond 99%) businesses in one surgical strike.

The same is gonna happen to other tax software providers, because the DATEV AG and similar companies are pretty much the definition of digital incompetence wherever you look.

I could name other takedowns but the list would continue beyond a reasonable comment, especially with vendors like Hercules and Prophete that are now insolvent because they never prioritized cyber security at all, got hacked, didn't have backups, and ran out of money due to production plant costs.

Comment by RobotToaster 3 hours ago

The cold war never ended

Comment by 127 1 hour ago

...for Putin

Comment by throw310822 6 hours ago

[flagged]

Comment by pjc50 6 hours ago

They started this long ago, with the first invasion of Ukraine in 2014 and a series of poisoning attacks all the way back to https://en.wikipedia.org/wiki/Poisoning_of_Alexander_Litvine...

Comment by bnjemian 6 hours ago

This completely ignores that: 1. Russia was the aggressor in Ukraine, 2. Putin has made clear his desire to pursue expansionist goals through military action targeting prior members of the Soviet Union, 3. Putin regularly threatens nuclear war with Ukraine, 4. Russia has shown outward hostility towards Western democracies and sought to manipulate elections with information warfare to reach their goals (most notably, 2016 US Election and Brexit), 5. Russia regularly cuts cables connecting countries, and 6. Though completely unrelated, Putin has a history of assassinating political opponents. That's wolfish behavior if I've ever seen it.

Comment by Zagitta 6 hours ago

You're conveniently omitting these all happened in response to the full scale Russian invasion of Ukraine.

But thanks for proving the point about Russia's disinformation war.

Comment by throw310822 35 minutes ago

Funny that I got three replies all stating the same thing, that Russia is the aggressor and has invaded Ukraine. Of course it is so, and then? Russia invaded Ukraine, not the EU. It's the EU that has decided to get involved in the war by supporting Ukraine.

Comment by tosapple 7 hours ago

What I am starting to appreciate about these digital infrastructure attacks is that they may be reversible and/or temporary. It can be a nice feature.

Comment by jacquesm 5 hours ago

Then you're missing the point.

If they succeed they may well not be reversible. The question is if this had succeeded would we have shrugged it off again or responded appropriately?

Comment by K0balt 5 hours ago

Can you give some examples of? I can imagine that under the right circumstances you might succeed in blowing up some transformers or even a turbine, but it seems like you’d be up to speed within a month or two on the outside? Or am I missing the gravity somehow?

Comment by 3eb7988a1663 4 hours ago

Pardon? A month or two without power does not seem like an enormous crisis?

Stuxnet destroyed centrifuges. It does not seem impossible that a sophisticated attack could shred some critical equipment. During the Texas 2021 outage, they were incredibly close to losing the entire grid and being in a blackstart scenario. Estimates were that it could take weeks to bring back power - all this without any physical equipment destroyed or malicious code within the network.

Edit: Had to look it up, the Texas outage was "only" two weeks and scattershot in where it hit. The death toll is estimated at 246-702.

https://en.wikipedia.org/wiki/2021_Texas_power_crisis

Comment by jacquesm 24 minutes ago

> Or am I missing the gravity somehow?

Yes, there is the risk of cascading failures, some industrial processes are very hard to re-start once interrupted (or even impossible) and the lead time on 'some transformers' can be a year or more. These are nothing like the kind that you can buy at the corner hardware store. A couple of hundred tons or so for the really large ones.

Grid infra is quite expensive, hard to replace and has very long lead times.

The very worst you could do is induce oscillations.

Comment by thimkerbell 1 hour ago

I've seen less-than-credible software in an ATM and in a "ring up your own groceries" station. No idea who's behind it or who would care, though.

Comment by applied_heat 3 hours ago

Transformers and turbines of any significance are not off the shelf parts and can have lead times of years

Comment by sillywalk 2 hours ago

> Transformers and turbines of any significance are not off the shelf parts and can have lead times of years

Bloomberg had a decent article[0] about transformers and their lead time. They're currently a bottleneck on building. It wasn't paywalled for me.

"The Covid-19 pandemic strained many supply chains, and most have recovered by now. The supply chain for transformers started experiencing troubles earlier — and it’s only worsened since. Instead of taking a few months to a year, the lead time for large transformer delivery is now three to five years." [0]

[0] https://www.bloomberg.com/features/2025-bottlenecks-transfor...

Comment by esafak 3 hours ago

How do they not have backups??

Comment by 3eb7988a1663 3 hours ago

Enough for the entire grid? There are some amount of reserves on hand (eg drunk runs into a telephone pole), but nothing that could replace a targeted attack with the explicit goal of taking out the most vital infrastructure.

Comment by jacquesm 27 minutes ago

And those pole mounted transformers are tiny. The big ones require special transports and can weigh a few hundred tons. Some are so large they are best transported via boat if possible.

Comment by genocidicbunny 3 hours ago

It's the middle of winter, and it gets pretty danged cold. Being without power in such weather might well end up being deadly, even with short durations.

Comment by tosapple 5 hours ago

I wasn't commenting on any particular case. I was stating that flipping a switch is less costly to reverse than blowing up a dam.

Comment by jacquesm 5 hours ago

These attacks are not at the level of 'flipping a switch'. If they succeed they can destabilize the grid and that has the potential to destroy gear, and while not as costly as blowing up a dam it can still be quite costly.

Comment by tosapple 5 hours ago

During WW2 both Germany and the UK, as an example, were carpet bombed to assail industry, does that help you to understand my position better?

Vietnam too.

Comment by shakna 5 hours ago

Not really.

If you succeed in attacking the grid, you achieve the same widespread industry impact, without the cost of the munitions.

It can take decades to recover from a cyber attack like this, if it succeeds.

Comment by tosapple 5 hours ago

Again, not endorsing any specific case, just endorsing SPECIFICITY, COST, and "Collaterals".

Comment by shakna 4 hours ago

I was not speaking to just one case. Today's incident, is _the norm_.

These attacks are widespread, damaging, and the repercussions are felt for decades in their wake. We _are_ being carpet bombed, and the costs for the victims are ongoing and growing. The collateral damage is everywhere.

Do you really think there's no impact?

> Cyber units from at least one nation state routinely try to explore and exploit Australia’s critical infrastructure networks, almost certainly mapping systems so they can lay down malware or maintain access in the future.

> We recently discovered one of those units targeting critical networks in the United States. ASIO worked closely with our American counterpart to evict the hackers and shut down their global accesses, including nodes here in Australia.

> https://www.intelligence.gov.au/news/asio-annual-threat-asse...

Comment by tosapple 4 hours ago

[flagged]

Comment by shakna 1 hour ago

I guess I shouldn't be drawn by someone calling me an idiot...

But one last try.

You suggested that the cost of cyberattacks on industry, is not so great as when we were destroying it with bombs instead.

However, every time we have power outages, people die. Then we have the cost of securing the infrastructure. And the cost of everyone else affected, who has to increase their resilience.

Your bank is collateral damage, as are the people freezing to death in their homes. Entire industries are on the verge of collapse - getting a new turbine to help stabilise your grid has a lead time of _years_, not days or weeks. And if you hit weeks, people die.

Insurance responds to attacks, and that trickles out to everywhere that is touched. VISA and MasterCard have to prepare for eventualities, because of attacks not aimed at them, but at power infrastructure.

When power is hit... There is nothing unaffected.

Volt Typhoon hit the US power grid, and required a massive multinational effort to extract them, that took almost a year... And VT wasn't intended to do damage, just look for weak spots. So that next time, they can cause damage. As part of that survival process, various hardware partners were kicked to the curb, and the repercussions are still in the process of being felt. Half the industry may have issues surviving because of it.

Industroyer is one of the reasons that Kyiv got as bad as it did. Malware is not some hand-wave and fix thing. Half the city's relays were permanently damaged.

Then of course, there was Stuxnet. Which blew up centrifuges, and the research centres hit are still trying to recover from where they were, then.

Cyberattacks are a weapon of war, people die, industries die, and there is no easy path to recovery following it.

An entire industry exists, just to defend against these kinds of attacks. The money spent on that, is counted, which means it has to be less than the cost of the attack succeeding. Trillions are spent, because there is absolute weight behind surviving these attacks.

If things were easier, it'd be an industry solely focused on backups and flipping a switch. But it's not.

Comment by idiotsecant 4 hours ago

'I appreciate that these scammers are just stealing old people's money online instead of killing them and taking it'!

Comment by rdtsc 7 hours ago

Does Europe overall feel and act like that’s the case though?

It seems as if the European war has been pushed to the background recently, and most people kind of forgot about it. If you walk down the streets of Paris or Berlin does it look like it’s wartime, do people talk about it much, do they share the latest front news and so on?

Comment by joe_mamba 6 hours ago

> If you walk down the streets of Paris or Berlin does it look like it’s wartime,

Like what exactly would you want them to do? Run around screaming all day because there's a war in another country 2000 km away from them?

No, people just go on with their lives, doing their jobs, taking care of family and friends, paying their taxes, so that specialized workers in the ministry of defence can take care of the war stuff for them. That's how modern society works.

It's even similar in Kiev, when you walk down the streets you see people living their lives. Gyms, bars, cafes, clubs are full and lively. People don't stop living and enjoying their daily lives just because there's shelling somewhere else in the country.

Comment by jsrcout 3 hours ago

> It's even similar in Kiev, when you walk down the streets you see people living their lives. Gyms, bars, cafes, clubs are full and lively. People don't stop living and enjoying their daily lives just because there's shelling somewhere else in the country.

While it's true to a certain degree, you make it sound like Kyiv residents are having a grand old time right now. But in reality, the majority are trying very hard to keep from freezing to death as Russian attacks targeting their power and heating infrastructure have destroyed much of it.

Comment by koiueo 5 hours ago

Kyiv.

And "enjoying their daily lives" diminishes real tragedies of Ukrainians' daily lives.

Comment by joe_mamba 5 hours ago

I beg to differ. Calling going out to a gym, cafe, club or a bar during wartime, as anything other than enjoying life, diminishes the real tragedy of those who are fighting on the front line and don't enjoy such leisure activities. Some people are fortunate enough that they can still get to enjoy life even if their country is in a war, as just like in every war ever, not everyone is affected equally.

Comment by pocksuppet 4 hours ago

[dead]

Comment by TacticalCoder 5 hours ago

[flagged]

Comment by RobotToaster 3 hours ago

It wasn't Iran that bombed Afghanistan, Libya, and Iraq[0]. Gaddafi warned that Libya was the only thing stopping most migrants reaching Europe.

[0] at least recently

Comment by anonnon 4 hours ago

In fairness, a large chunk of those immigrants to France were "Pied Noirs" and other diaspora from its former colonial possessions, e.g., Indochina.

Comment by anotherbadday 4 hours ago

Countless NGOs, in the past decades, pushed for mass migration to France, and called any opposing voice "nazis", the "darkest hours of our history", etc.

We know the name of their leaders, their (ethno-religious) background, etc. They aren't Iranian. They aren't Muslim. They aren't Russian...

Comment by dopa42365 2 hours ago

Thankfully we'll magically stop being at war with Russia once Ukraine gives up :P

Comment by redeeman 5 hours ago

Have you seen the competence in those who manage the infrastructure? I'd say I would need significant proof before assuming anything. And IF Russia is doing it, I would still say that we should put 99% blame on the absolute incompetents running the infrastructure, 1% Russia.

Comment by jacquesm 5 hours ago

If you did then you'd be extremely gullible.

Comment by OKRainbowKid 5 hours ago

That seems like just victim blaming - "she was asking for it with the clothes she was wearing".

Comment by RobotToaster 3 hours ago

Software with vulnerabilities was defectively written.

If someone makes tanks with paper for armour, because it cuts costs, they are to blame if those tanks catch fire.

Comment by nawgz 1 hour ago

A tank is designed for war. Infrastructure is designed to serve some other utility. Claiming it should also be hardened against (cyber) war is acknowledging that there is an aggressor performing an attack of war, not that the infrastructure is failing the utility it was designed for.

It's fine to have this view that software should be defect free and hardened against sophisticated nation-state attackers, but it stretches the meaning of "defect" to me. A defect would be serving to fulfill that utility it had been designed for, not succumbing to malicious attackers.

Comment by IncreasePosts 7 hours ago

The most obvious answer is Russia(or one of their allies like China or Iran) did it because Poland is supporting Ukraine in the war (directly, and also indirectly by letting stuff from other countries be staged and move through Poland).

Comment by tokai 6 hours ago

Russia is currently focused on striking Ukrainian energy assets. Ukraine gets energy imports from the EU through Hungary and Poland. Hampering energy supply from Poland would put a huge strain on the already struggling Ukrainian network.

Comment by johanneskanybal 6 hours ago

With all the other crazy world-destroying US bullshit, is this also you? 50% you, 50% Russia. It's a new gameshow, is it Russian or us?