White Paper: Securing Distributed Energy Resources
Lessons Learned from the December 2025 Poland Grid Attack

Understanding the attack
In late December 2025, the energy sector witnessed a paradigm shift in cyber warfare. A coordinated attack targeted the Polish power grid, specifically focusing on Distributed Energy Resources (DERs) such as wind farms, solar sites, and Combined Heat and Power (CHP) facilities.
Unlike previous attacks that focused on centralized transmission systems (such as the 2015 Ukraine attack), this campaign targeted the "edge" of the grid. Attackers exploited the reliance on low-cost, commodity remote access tools to blind operators and permanently "brick" equipment.
This paper provides a detailed analysis of the attack vectors utilized by the threat group ELECTRUM (Sandworm) and demonstrates how a hardware-enforced remote access architecture could have neutralized these specific threats.