[rudolftheone]

Summary: On Dec 29, 2025, a coordinated attack hit Polish renewable energy farms (Wind/PV) and a combined heat & power plant.

Key findings from the report: Attribution: CERT Polska links the attack to Static Tundra (aka Berserk Bear/Dragonfly), a group associated with the Russian FSB.

Impact: OT communication disrupted using 'DynoWiper' malware; power generation was not stopped, but remote control was severed.

- Initial Access: Exploited FortiGate VPNs lacking MFA and default credentials on OT equipment (Hitachi/Mikronika/Moxa)

- Timeline: Attackers likely had access since March 2025 but executed the wiper attack in late December.