Energy Sector Incident Report - 29 December 2025

**CERT Polska reports that on 29 December 2025 coordinated destructive cyberattacks targeted over 30 wind and photovoltaic grid connection points, a large CHP plant, and a manufacturing company in Poland; attackers used firmware corruption and wiper malware to damage RTUs, HMIs, protection relays and network devices, interrupting communications with distribution operators but not stopping energy production or heat delivery.** The report provides a full timeline, technical malware analysis, IOCs, and attributes the operation to an activity cluster overlapping with actors publicly known as Static Tundra / Berserk Bear.