DynoWiper update: Technical analysis and attribution
ID: 95928fb8-f23b-5760-b3d0-79b78894d836
STIX ID: report--95928fb8-f23b-5760-b3d0-79b78894d836
Feed Name: WeLiveSecurity (ESET Research)
ESET Research analyzes DynoWiper, a destructive data-wiping malware deployed against a Polish energy company in December 2025. The analysis describes its three-phase overwrite-and-reboot workflow, file-selection and exclusion logic, deployment methods (including Active Directory Group Policy and execution from a shared directory), and associated tools (Rubeus, rsocx), and provides IoCs and MITRE ATT&CK mappings. ESET attributes the wiper to the Russia-aligned Sandworm group with medium confidence and notes that ESET PROTECT blocked execution, limiting impact.
