[nunobrito]

In Germany a few months prior saw CCC publishing a method for destabilizing energy grids using radio waves a cheap hardware: https://media.ccc.de/v/38c3-blinkencity-radio-controlling-st... and presented an attack vector to which most infrastructure in Europe is exposed.

About 4 hours before the grid collapse on the 28th of April 2025 was recorded the largest purchase of Monero in the past 3 years (to remember: monero is coin of choice for special operations), making it surge +40% in 24 hours. The initial Spanish reports mentioned conflicting power information from dozens of locations at the same time which is consistent with a sequential attack using the blinkencity method so the grid itself is forced to close down.

[rob74]

Well, if that's really the cause, then thanks CCC, I guess. For such a serious vulnerability which is probably non-trivial (not to mention expensive) to patch, is it really responsible to give only 3.5 months of time before disclosing it (according to slide #56 https://cdn.prod.website-files.com/5f6498c074436c349716e747/..., they notified EFR about the vulnerability on 2024-09-12 and disclosed it on 2024-12-28)?

[nunobrito]

IMHO wouldn't make much a difference, the issue had been known to them for years up to that point. To a large part still exists, the Spanish grid only committed to upgrade the hardware after this incident. Even so it will require about another year to complete the upgrade over there.

I don't follow in detail the news on other European nations but haven't seen much focus on hardening their security until they actually get breached. A recent example (albeit different attack vector) would be the Polish grid: https://arstechnica.com/security/2026/01/wiper-malware-targe...