2025 Poland Wiper Attacks · C0063 · state
🇷🇺 RU
aka 2025 Poland Wiper Attacks, 2025 Poland Wiper Campaign
Last updated: 2026-07-03
About this actor
[2025 Poland Wiper Attacks](https://attack.mitre.org/campaigns/C0063) is a Russian state-sponsored campaign that conducted destructive cyberattacks against Polish energy infrastructure in December 2025. Targets included more than 30 wind and photovoltaic farms, a combined heat and power (CHP) plant, and a manufacturing sector company. The attacks on the distributed energy resources (DER) disrupted communications between affected facilities and the distribution system operator, but did not impact electricity generation or heat supply. Across the campaign, threat actors deployed two previously undocumented wiper tools, [DynoWiper](https://attack.mitre.org/software/S9038), a Windows-based wiper, and [LazyWiper](https://attack.mitre.org/software/S9039), a PowerShell wiper, distributed via malicious Group Policy Objects. At the CHP plant, threat actors had maintained access since at least March 2025, using that foothold to obtain credentials and move laterally before attempting wiper deployment. Some reporting has assessed the activity to be consistent with Russian Federal Security Service (FSB) threat activity group [Dragonfly](https://attack.mitre.org/groups/G0035), also tracked as STATIC TUNDRA, while other reporting attributes the destructive wiper activities to the Russian General Staff Main Intelligence Directorate (GRU) threat activity group ELECTRUM, also tracked as [Sandworm Team](https://attack.mitre.org/groups/G0034).(Citation: CERT Polska)(Citation: Dragos ELECTRUM JAN 2026)(Citation: ESET DynoWiper JAN 2026)(Citation: ESET DynoWiper Update JAN 2026)
Source: MITRE ATT&CK
Activity timeline
No activity events recorded.
Profile
| CVE | Risk | CVSS | EPSS | Published | Products |
|---|---|---|---|---|---|
| No attributed CVEs. | | | | | |

T1003, T1003.001, T1003.002, T1003.003, T1006, T1016, T1021, T1021.001, T1027, T1027.013, T1036, T1036.005, T1046, T1048, T1048.003, T1049, T1053, T1057, T1059, T1059.003, T1059.004, T1059.008, T1074, T1074.001, T1078, T1078.002, T1078.004, T1083, T1090, T1090.003, T1102, T1102.002, T1105, T1110, T1110.002, T1113, T1114, T1114.002, T1133, T1140, T1484, T1484.001, T1485, T1490, T1495, T1529, T1530, T1550, T1550.002, T1555, T1556, T1556.006, T1558, T1560, T1560.001, T1567, T1567.004, T1570, T1571, T1583, T1583.006, T1584, T1584.001, T1584.003, T1584.008, T1587, T1587.001, T1588, T1588.007, T1590, T1590.006, T1602, T1602.002, T1608, T1608.002, T1686, T1686.002
Mitigating controls (NIST 800-53)
| Control | Techniques covered | Coverage |
|---|---|---|
| SI-4 | 44 / 77 | 57% |
| CM-6 | 43 / 77 | 56% |
| AC-3 | 42 / 77 | 55% |
| CM-2 | 40 / 77 | 52% |
| AC-6 | 34 / 77 | 44% |
| AC-2 | 31 / 77 | 40% |
| CM-7 | 30 / 77 | 39% |
| SI-3 | 30 / 77 | 39% |
| CA-7 | 29 / 77 | 38% |
| IA-2 | 26 / 77 | 34% |
| AC-4 | 22 / 77 | 29% |
| AC-5 | 22 / 77 | 29% |
| SC-7 | 21 / 77 | 27% |
| SI-7 | 21 / 77 | 27% |
| CM-5 | 20 / 77 | 26% |
Co-occurring actors
None.
Similar actors
Similar TTPs
- Volt Typhoon 0.28
- FIN13 0.26
- Chimera 0.25
- Ke3chang 0.25
- Magic Hound 0.25
Same nation-state
Same category
- Night Dragon 1.00
- FunnyDream 1.00
- C0011 1.00
- Operation Wocao 1.00
- Operation Dream Job 1.00