Coordinated Cyberattack on Polish Renewable Energy Infrastructure

In December 2025, a cyberattack targeted approximately 30 wind and solar sites in Poland, impacting communications and control systems. The attack, attributed to Russian hackers, exploited vulnerabilities in internet-facing edge devices, allowing access to remote terminal units (RTUs). While generation assets continued to operate, the incident raised alarms about the safety of battery energy storage systems, as attackers could manipulate charge rates and temperatures, risking thermal runaway. The event highlighted a significant gap in cyber-insurance coverage for physical damage resulting from cyber incidents. Experts noted that the attack represented a shift from targeting centralized SCADA systems to coordinated assaults on distributed assets. The insurance market faces challenges due to the overlap between cyber and property policies, complicating claims for damages. This incident serves as a wake-up call for energy asset operators regarding the evolving threat landscape.

Key Points: • A cyberattack in December 2025 affected 30 renewable energy sites in Poland. • Attackers exploited vulnerabilities in edge devices, targeting remote terminal units (RTUs). • The incident highlighted gaps in cyber-insurance coverage for battery storage systems.