In December, Poland was hit by one of the most serious cyberattacks on its energy infrastructure, targeting power plants, energy producers and thermal power stations, and narrowly avoiding large-scale blackouts. Adverse weather conditions compounded the risks. Deputy Prime Minister and Minister of Digitalisation Krzysztof Gawkowski said the attack was an act of Russian sabotage aimed at destabilising the country.
Energy Minister Miłosz Motyka said the thwarted operation sought to disrupt communication between renewable energy installations and electricity distribution operators, noting that previous attacks had typically focused on large power units or transmission networks.
Poland convened an emergency meeting on Tuesday in response to the attacks. Prime Minister Donald Tusk said several facilities had been targeted, including two thermal power stations. “The attacks targeted a system used to manage electricity generated from renewable energy sources,” Tusk said, adding that had the operation succeeded, around half a million people would have been left without heating.
The Polish prime minister also mentioned that while there is no conclusive evidence at this stage, much suggests the attacks were prepared by groups linked to Russian intelligence services. “I do not want to speculate, but we probably have no doubts about the sources of inspiration,” Tusk added.
He said that although the attack had been repelled, additional protective measures were needed. Work is currently underway in the Sejm on legislation establishing a national cybersecurity system, and the prime minister said he was counting on the president’s co-operation on the issue. “I hope this fits into the logic of our agreement or consensus between different institutions when it comes to the country’s security. There should be no political disputes here,” he added.
Overall, Poland’s critical infrastructure has been subjected to a rising number of cyberattacks from Russia since the start of the full-scale war in Ukraine. Russia’s military intelligence tripled the resources it devoted to such activities against Poland last year, the country’s Minister of Digital Affairs told Reuters. Of the 170,000 cyber incidents recorded in the first three quarters of 2025, a significant share was attributed to Russian actors.
Effective protection requires not only technology but also close co-operation between the public and private sectors, Defence24 editor Dorota Kwasniewska told Euronews. “In response to growing threats, we need to focus on developing protective mechanisms. Attacks are constantly taking on new forms, so we must keep pace with the times and strengthen our defences,” she said.
Kwasniewska added that the impact of such cyberattacks depends largely on how they are carried out and on the resilience of the systems designed to defend against them.
“In December 2015, Ukraine became the first country in the world where a cyberattack caused an actual power outage. Hacker groups linked to Russia carried out a coordinated attack on energy system operators, using the BlackEnergy and KillDisk malware. The attackers gained remote control of SCADA systems, shut down electricity substations and at the same time paralysed customer service centres. As a result, around 230,000 consumers were left without electricity for several hours,” Kwasniewska said.
Meanwhile, selected findings from the Microsoft Digital Defence Report 2025 show that Poland is the third most targeted country in Europe for politically motivated cyberattacks, after Ukraine and the United Kingdom.
