Pulse name: Energy Sector Incident Report
TLP: WHITE | Static Tundra | AlienVault | 2026-04-30 | Modified: 2026-05-30
38 IOCs | Medium volume
On December 29, 2025, coordinated destructive cyberattacks targeted Poland's energy infrastructure during severe winter weather. Approximately 30 wind and solar farms, a manufacturing company, and a combined heat and power plant serving nearly 500,000 customers were affected. Attackers exploited vulnerable FortiGate perimeter devices using stolen credentials and default passwords to access industrial control systems. Multiple types of wiper malware, including DynoWiper and LazyWiper, were deployed to destroy data across IT and OT environments. While renewable facilities lost communication with distribution operators without affecting electricity generation, the incidents demonstrated significant capability to cause physical disruption. Infrastructure analysis revealed connections to threat clusters known as Static Tundra, Ghost Blizzard, and potentially Sandworm, marking a notable escalation in cyber-sabotage operations.
MITRE ATT&CK & Malware Families
Malware families: DynoWiper, LazyWiper, Impacket, Rubeus
Indicators of Compromise (38)
Indicator types: FileHash-MD5, FileHash-SHA1, FileHash-SHA256, URL