jasdooit

Poland’s Prime Minister Donald Tusk commended the nation’s intelligence agencies on Thursday for preventing a cyberattack targeting energy infrastructure, which had the potential to disrupt heating for as many as half a million residents during the country’s harsh winter.

Following his meeting with energy officials and security agencies in Warsaw, Tusk stated that Poland had effectively protected itself and that essential infrastructure remained secure.

An unsuccessful assault focused on two integrated heat and power facilities along with wind energy installations took place in December 2025.

Tusk accused Russia and called on the Polish parliament to quickly approve new cybersecurity laws to enhance defense against external interference.

The Deputy Prime Minister of Poland and Minister for Digital Affairs, Krzysztof Gawkowski, stated that the country nearly experienced a power outage and described the cyberattack as one of the most significant in recent times.

“Digital tanks are already present,” he stated on RMF FM radio, highlighting that contemporary warfare is taking place in the cyber domain.

Who orchestrated the cyberattacks?

Tusk mentioned that, to date, there is no conclusive proof to determine the individuals responsible, although he noted that a significant portion of the information collected suggests the involvement of groups linked to Russian intelligence agencies.

He mentioned that, similar to previous cyberattacks targeting Polish infrastructure, the main focus was on timely identification and strong reaction systems.

In December, European allies of Ukraine stated that Russia is conducting a “hybrid warfare” campaign involving sabotage, targeted killings, cyber operations, and false information to create discord within Western nations and weaken backing for Ukraine.

This follows a sequence of events in nations like France, Denmark, and Sweden, where essential infrastructure has been attacked.

European intelligence services claim that inquiries regarding Russian interference now take up as much time as those related to terrorist threats.

In July, Europol, the European Union’s law enforcement agency, reported that a synchronized global operation has targeted the infrastructure of a pro-Russian cybercrime group responsible for a series of denial of service attacks against Ukraine and its allies.

Operation Eastwood focused on the group known as NoName057(16), which Dutch officials recently attributed to launching multiple denial-of-service attacks against several municipalities and entities associated with a NATO summit in the Netherlands.

Europol stated that the cybercrime group was also responsible for incidents in Germany and Switzerland.

Poland’s preparedness for comparable dangers

In recent years, assaults on vital infrastructure have grown more complex and perilous, highlighting the importance of cybersecurity within Poland’s energy industry.

According to Dorota Kwaśniewska, an editor with the Defence24 website, as reported by Euronews, successful security measures involve more than just technology; they also depend on collaboration between government and industry.

“In reaction to increasing dangers, it is essential that we focus on creating protective measures. Since attacks are constantly evolving, we must also adapt and enhance our security,” she stated.

Kwaśniewska noted that Poland’s cybersecurity systems operated effectively during the attempted attack on power plants in December.

“The energy infrastructure’s cybersecurity system functioned well during the December attacks,” she stated.

Meanwhile, to the best of current knowledge, the government has introduced actions aimed at enhancing resistance to potential future attacks, such as funding for protections, system upgrades, and enhanced legal frameworks.

Kwaśniewska pointed out that in these cyberattacks, much relies on how they are carried out and the strength of the defense systems.

In December 2015, Ukraine was the first nation globally to experience a physical power outage caused by a cyberattack. According to Kwaśniewska, hacking groups associated with Russia executed a synchronized assault on energy system providers, employing the BlackEnergy and KillDisk malware.

The assailants gained remote access to SCADA systems, disabled electrical substations, and simultaneously disrupted customer service centers. Consequently, approximately 230,000 customers experienced power outages for several hours.