**Polish Officials Blame Russian Domestic Spy Agency for December 29 Cyberattacks**
Poland's Computer Emergency Response Team (CERT) has released a report detailing the cyberattack on 30 renewable energy facilities, a manufacturing firm, and a plant supplying heat to nearly 500,000 customers. The report points to a team of hackers from Russia's Federal Security Service, known by its Russian acronym FSB.
The hacks were "purely destructive in nature," the report said, comparing them to arson. The Russian aim was to irreversibly destroy data stored on devices within the combined heat and power plant, but security software blocked that portion of the attack, according to the report. The Russian embassy in Washington did not respond to a request for comment.
Poland has been subject to a growing number of cyberattacks by Russia since the war in Ukraine began in February 2022. Moscow regularly denies responsibility for malicious cyber activity. The report tied the incident to an FSB hacking operation tracked under several nicknames, including "Berserk Bear" and "Dragonfly."
An August 20, 2025 report from the FBI linked the groups to the FSB's specialized unit Center 16. While the group has historically had a "significant interest" in the energy sector and the ability to attack industrial devices, "this is the first publicly described destructive activity attributed to this cluster," the Polish cyber officials said.
The report's verdict on the hacks partially backs an independent analysis published last week by researchers at the Slovakia-based cybersecurity firm ESET. ESET said that the malware involved in the Polish attack overlapped with prior destructive cyber operations tied to Russia, but linked it to a Russian military intelligence hacking unit known as Sandworm, not the FSB.
John Hultquist, chief analyst at Google Threat Intelligence Group, said Friday that if the attack truly is Berserk Bear, the activity represents an escalation from its penetration of targets for long-term espionage towards damaging action. "They have the means, the question was always did they have the motivation," Hultquist said.
"Now, potentially based on this attribution, proven to us that they do have the motivation, which puts us in a much more serious situation," Hultquist added. He also expressed concerns about the security of the Winter Olympics, set to kick off February 6. "Russia has previously attempted to knock the opening ceremonies of the Winter Olympics offline, and they were extremely active during the last summer games," Hultquist said.
**Other Analysis Points to Russian Military Intelligence**
Poland says its critical infrastructure has been subject to a growing number of cyberattacks by Russia since the war in Ukraine began in February 2022. Moscow regularly denies responsibility for malicious cyber activity.
**Russian Embassy Does Not Respond**
The Russian embassy in Washington did not respond to a request for comment on the report. The incident has raised concerns about the security of critical infrastructure and the potential for future attacks.