Russian-linked groups have conducted cyber attacks against several Polish energy sites.

Russia‑linked hackers accessed roughly 30 Polish energy sites by exploiting default credentials on exposed Fortinet FortiGate devices lacking MFA. They targeted ICS equipment from Hitachi, Moxa, and Mikronika, deploying malicious firmware and wipers that damaged some devices but did not cause power outages. CERT.PL noted that attackers had months of access and that the incident could have disrupted electricity generation, though system stability would have remained intact.

Read more:

https://www.securityweek.com/default-ics-credentials-exploited-in-destructive-attack-on-polish-energy-facilities/