INTELLIGENCE REPORT 

ELECTRUM: Cyber Attack on Poland's Electric System 2025

On December 29, 2025, a coordinated cyberattack targeted multiple distributed energy sites across Poland's electric system, including combined heat and power facilities and renewable energy dispatch systems for wind and solar generation. Dragos attributes this activity with moderate confidence to ELECTRUM, the threat group responsible for the 2015 and 2016 Ukraine power grid attacks.

This is the first major coordinated attack targeting distributed energy resources at scale, marking a strategic shift from previous attacks on centralized control systems to targeting the distributed edge of the grid.

The attack resulted in loss of view, loss of control, and denial-of-service conditions at affected sites. While no power outages occurred, adversaries gained access to operational technology systems with control capabilities.

CERT Polska has been leading the investigation and response. Dragos was involved in an incident response and is publishing this report to amplify their efforts with additional OT-specific technical analysis. This report contains no incident response details, customer information, or sensitive operational data.
