Poland: Phobos Ransomware Affiliate Arrested; Russia-Linked Wiper Attack on Renewable Energy Infrastructure

A 47-year-old man was arrested in Poland for his alleged involvement as an affiliate of the Phobos ransomware group. The arrest was part of "Operation Aether," a Europol-coordinated effort targeting Phobos ransomware infrastructure and affiliates. Simultaneously, Polish renewable energy infrastructure faced a significant cyberattack involving Russia-linked wiper malware, raising concerns about the security of critical infrastructure and the potential for further disruptions. The Phobos ransomware group has been linked to over 1,000 attacks globally, generating over $16 million in illicit revenue. The wiper attack on renewable energy infrastructure did not halt energy generation, but operators lost monitoring and control visibility. ## Latest Update The most recent source confirms the arrest of a 47-year-old man in the Lesser Poland Voivodeship, charged with involvement in the Phobos ransomware group. Authorities seized a laptop, smartphones, payment cards, and cannabis, with forensic analysis revealing stolen credentials and server IPs used for cyberattacks. ## Timeline * **January 2026:** Poland's CERT-Polska reports a cyberattack on approximately 30 wind and solar power installations involving wiper malware, later highlighted by CISA. The attack is linked to the Russia-associated threat group Static Tundra. * **February 2025:** Europol-led "Operation Aether" takes place, involving agencies across Europe, Asia, and North America. * **July 2025:** Japanese police release information related to Operation Aether. * **February 10, 2026:** CISA and UK's NCSC issue warnings and directives following the renewable energy infrastructure attack. * **February 17, 2026:** Polish authorities arrest a 47-year-old man in Małopolska region for alleged involvement with the Phobos ransomware group as part of Operation Aether. ## What to Watch * Further arrests and disruptions of Phobos ransomware operations as Operation Aether continues. * Escalation of cyberattacks targeting critical infrastructure, particularly renewable energy, by state-sponsored actors. * Increased focus on securing edge devices and patching vulnerabilities in critical infrastructure networks.