Poland's energy grid was targeted by never-before-seen wiper malware
arstechnica.com
163 points by Bender 7 hours ago
If you're looking for what the damage was, it failed.
Potential damage: "Most notable was one [attack] in Ukraine in December 2015. It left roughly 230,000 people without electricity for about six hours during one of the coldest months of the year."
My first pass through the title was "Those windshield wipers shouldn't need to be internet-connected."
Thankfully, the article did clear that up, but the fact that my brain didn't even think, "that's a stupid idea that no one would buy that" is a bit depressing.
For what purpose? Cui bono?
Poland is a major logistical hub for everything going towards Ukraine. Thus targeting basic infrastructure like the energy grid or railroads has to be expected.
On the bright side, using this weapons-grade malware burns exploits and also shows the current state and techniques of Russian cyberwarfare, which defenders can learn a lot from.
> On the bright side, using this weapons-grade malware burns exploits and also shows the current state and techniques of Russian cyberwarfare, which defenders can learn a lot from.
Or perhaps they used an already-known malware to measure defensive capabilities without showing any of their cards.
Russia is at war with Europe.
Before anyone jumps on the pedantry bandwagon, it's worth noting that even though open war hasn't been called, the attacks on infrastructure, especially cyber warfare, are extremely active and, crucially, direct.
It is totally fair to say that in a digital context, Russia is absolutely at war with Europe.
As far as I can tell, they don’t even try to hide it.
Not to mention the information war they have been waging globally since 2016.
True, but they’ve certainly been doing it much longer than ten years. I’ll never forget this headline [0] that struck me as purely devilish, especially in the lead up to the 2016 presidential election. Combine that with the knowledge that Trump has been anti-NATO since the 1980s [1]. Who knows how long Russia has been nudging him along. Who knows how many avenues they traverse? Take for example the letter to Senator Tom Cotton about Greenland [2]. What an embarrassment. I can only hope we are equally successful in our own PsyOps.
[0] https://www.rt.com/news/265399-putin-nato-europe-ukraine-ita...
[1] https://www.buzzfeednews.com/article/ilanbenmeir/that-time-t...
You don’t remember Trump Moscow? Ivanka? Trump and Russian connections go all the way back to Epstein’s early days.
Some could say that in the cyber realm, they are not petty, ya! Well, or something like that.
Ever since NotPetya and the Colonial Pipeline hack, the cyber strategy game has changed a lot. NotPetya was genius as a deployment, because they abused the country's tax software deployment pipeline to cripple all (and I mean all, beyond 99%) businesses in one surgical strike.
The same is gonna happen to other tax software providers, because the DATEV AG and similar companies are pretty much the definition of digital incompetence wherever you look.
I could name other takedowns but the list would continue beyond a reasonable comment, especially with vendors like Hercules and Prophete that are now insolvent because they never prioritized cyber security at all, got hacked, didn't have backups, and ran out of money due to production plant costs.
They started this long ago, with the first invasion of Ukraine in 2014 and a series of poisoning attacks all the way back to https://en.wikipedia.org/wiki/Poisoning_of_Alexander_Litvine...
This completely ignores that: 1. Russia was the aggressor in Ukraine, 2. Putin has made clear his desire to pursue expansionist goals through military action targeting prior members of the Soviet Union, 3. Putin regularly threatens nuclear war with Ukraine, 4. Russia has shown outward hostility towards Western democracies and sought to manipulate elections with information warfare to reach their goals (most notably, the 2016 US election and Brexit), 5. Russia regularly cuts cables connecting countries, and 6. Though completely unrelated, Putin has a history of assassinating political opponents. That's wolfish behavior if I've ever seen it.
You're conveniently omitting these all happened in response to the full scale Russian invasion of Ukraine.
But thanks for proving the point about Russia's disinformation war.
What I am starting to appreciate about these digital infrastructure attacks is that they may be reversible and/or temporary. It can be a nice feature.
Then you're missing the point.
If they succeed they may well not be reversible. The question is if this had succeeded would we have shrugged it off again or responded appropriately?
Can you give some examples? I can imagine that under the right circumstances you might succeed in blowing up some transformers or even a turbine, but it seems like you'd be up to speed within a month or two on the outside? Or am I missing the gravity somehow?
Pardon? A month or two without power does not seem like an enormous crisis?
Stuxnet destroyed centrifuges. It does not seem impossible that a sophisticated attack could shred some critical equipment. During the Texas 2021 outage, they were incredibly close to losing the entire grid and being in a black start scenario. Estimates were that it could take weeks to bring back power, all this without any physical equipment destroyed or malicious code within the network.
Edit: Had to look it up, the Texas outage was "only" two weeks and scattershot in where it hit. The death toll is estimated at 246-702.
It's middle of winter, and it gets pretty danged cold. Being without power in such weather might well end up being deadly, even with short durations.
Transformers and turbines of any significance are not off-the-shelf parts and can have lead times of years.
> Transformers and turbines of any significance are not off-the-shelf parts and can have lead times of years.
Bloomberg had a decent article[0] about transformers and their lead time. They're currently a bottleneck on building. It wasn't paywalled for me.
"The Covid-19 pandemic strained many supply chains, and most have recovered by now. The supply chain for transformers started experiencing troubles earlier — and it’s only worsened since. Instead of taking a few months to a year, the lead time for large transformer delivery is now three to five years." [0]
[0] https://www.bloomberg.com/features/2025-bottlenecks-transfor...
How do they not have backups??
Enough for the entire grid? There is some amount of reserves on hand (e.g. a drunk runs into a telephone pole), but nothing that could replace a targeted attack with the explicit goal of taking out the most vital infrastructure.
I wasn't commenting on any particular case. I was stating that flipping a switch is less costly to reverse than blowing up a dam.
These attacks are not at the level of 'flipping a switch'. If they succeed they can destabilize the grid and that has the potential to destroy gear, and while not as costly as blowing up a dam it can still be quite costly.
During WW2 both Germany and the UK, for example, were carpet bombed to assail industry; does that help you to understand my position better?
Vietnam too.
Not really.
If you succeed in attacking the grid, you achieve the same widespread industry impact, without the cost of the munitions.
It can take decades to recover from a cyber attack like this, if it succeeds.