Poland Power Grid Cyberattack: OT Security Lessons for Critical Infrastructure
proarch.com • Monday, February 2, 2026 • Warsaw, Poland

In December 2025, a coordinated cyberattack targeted Poland’s power grid, impacting approximately 30 distributed energy resource (DER) sites including wind, solar, and combined heat and power facilities. The attack focused on operational technology (OT) environments, specifically communication devices and remote-control infrastructure, disrupting visibility and control. While no widespread power outage occurred, the incident demonstrates a serious and credible threat to OT environments, particularly at the grid edge, where security controls are often weaker.

Attackers targeted OT communication devices such as RTUs and gateway systems. Around 30 DER facilities lost remote monitoring and control capabilities. Some OT devices were rendered inoperable (bricked), requiring manual replacement. Security researchers have linked the activity to Russia-aligned threat actors, consistent with previous attacks on energy-sector OT systems.

Organizations operating OT or energy infrastructure should strengthen OT network segmentation, improve detection of communication disruptions, and ensure resilient backup and recovery processes.