Major cyberattack on Poland wind and solar farms raises global concerns over insecure network hardware

Nighttime cityscape of Warsaw featuring the illuminated Palace of Culture and Science surrounded by modern skyscrapers and office buildings. (Source: Kamil Gliwiński via Unsplash)

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a security alert following a large-scale cyberattack targeting Poland’s renewable energy infrastructure, highlighting risks posed by vulnerable internet-connected edge devices used in operational technology environments.

The warning follows a January 30 report from Poland’s Computer Emergency Response Team (CERT-Polska), which concluded that a December cyber incident targeted approximately 30 wind and solar power installations. According to the Polish agency, the attack infrastructure overlapped with tools previously linked to a Russia-associated threat group tracked under multiple names including Static Tundra, Berserk Bear, Ghost Blizzard and Dragonfly.

In its advisory, CISA stated that the incident demonstrates growing threats to industrial control systems (ICS) and operational technology (OT), which are widely deployed across energy production, utilities and manufacturing sectors. The agency noted that attackers gained initial access through unpatched or unsupported internet-facing edge devices such as routers and firewalls.

According to CISA, the attackers deployed destructive wiper malware that damaged remote terminal units (RTUs), erased data on human-machine interfaces (HMIs) and corrupted firmware across operational technology devices. While energy generation reportedly continued, operators temporarily lost monitoring and control visibility over affected installations.

The agency has recently intensified efforts to reduce risks from vulnerable networking equipment. Last week, CISA issued a binding directive requiring U.S. federal agencies to remove unsupported edge devices from their networks.

Security researchers at Dragos described the attack as a significant escalation, noting that it marks one of the first known cyber operations specifically targeting distributed energy resources such as small-scale wind, solar and combined heat-and-power installations. Unlike centralized power plants, these distributed systems often rely heavily on remote connectivity and historically receive lower cybersecurity investment.

Officials from the United Kingdom’s National Cyber Security Centre also urged critical infrastructure operators to strengthen protective measures following the incident.

CISA is advising infrastructure operators to review CERT-Polska’s technical findings and follow federal guidance designed to mitigate vulnerabilities in OT and ICS environments.

Praneeta, 2026-02-11 (Update: 2026-02-11)