When Nation-States Target Power Grids and AI Starts Hacking Back: What December's Attacks Tell Us
Last week brought some sobering reminders about where cybersecurity is heading, and honestly, I’m not sure we’re keeping pace. Between Russia’s latest attempt to knock out Poland’s power grid and new research showing AI can now chain together complex network attacks, it feels like we’re watching the threat landscape shift in real time.
Let me walk you through what happened and why I think these incidents are more connected than they first appear.
Sandworm’s Failed Power Play in Poland
The big story is Russia’s Sandworm group launching what Poland’s energy minister called the “largest cyber attack” on their power system in late December. The attack used new malware called DynoWiper, though thankfully it didn’t succeed in taking down any critical infrastructure.
What strikes me about this isn’t just that it happened – we’ve seen Sandworm target power grids before, most notably in Ukraine. It’s that they’re still actively developing new destructive malware specifically for these operations. DynoWiper represents continued investment in infrastructure attacks, which tells us this isn’t going away anytime soon.
The timing is also worth noting. Late December attacks on critical infrastructure feel deliberate – skeleton crews, holiday schedules, delayed response times. It’s the kind of operational planning that shows these aren’t opportunistic attacks but carefully orchestrated campaigns.
AI-Powered Attacks Are No Longer Theoretical
Here’s where things get interesting from a technical perspective. Anthropic just published research showing that current Claude models can now execute multistage network attacks across dozens of hosts using only standard, open-source tools. Previous AI models needed custom tooling, but those barriers are rapidly disappearing.
This isn’t some far-off threat we need to worry about in five years. We’re talking about AI that can autonomously move through networks, escalate privileges, and chain exploits together – right now. When I think about groups like Sandworm potentially incorporating these capabilities into their operations, it’s genuinely concerning.
The research emphasizes something we’ve been saying for years but maybe haven’t taken seriously enough: patch management isn’t just good hygiene anymore, it’s existential. When AI can automatically discover and exploit known vulnerabilities at scale, every unpatched system becomes a potential entry point for autonomous attacks.
Physical Meets Digital: Vehicle Security Takes Center Stage
Speaking of expanding attack surfaces, researchers at Pwn2Own Automotive World 2026 just demonstrated dozens of new vulnerabilities in vehicle infotainment systems and EV chargers. The “swipe, plug-in, pwned” attacks show how our increasingly connected transportation infrastructure is creating new vectors we’re still learning to defend.
What worries me here is the convergence factor. We’re not just talking about someone hacking your car stereo – EV charging infrastructure is becoming part of our critical energy grid. If you can compromise charging stations at scale, you’re potentially affecting both transportation and power systems simultaneously.
This connects back to the Poland attack in an uncomfortable way. Nation-state actors are already targeting power infrastructure, and we’re rapidly expanding that infrastructure to include thousands of connected charging points. The attack surface is growing faster than our ability to secure it.
Data Breaches Continue to Pile Up
Meanwhile, Under Armour is investigating a potential breach involving 72 million customer records. The company says there’s no evidence payment systems or passwords were affected, but it’s another reminder that traditional data breaches aren’t going anywhere just because we’re dealing with more sophisticated threats.
This feels almost routine now, which is part of the problem. We’re getting desensitized to massive data exposures while simultaneously dealing with AI-powered attacks and nation-state infrastructure targeting. It’s a lot to process, and I worry we’re losing focus on fundamentals while chasing the latest threats.
What This Means for Our Daily Work
Looking at these stories together, I see a few key themes that should influence how we’re thinking about security right now:
First, the automation gap is widening. Attackers are leveraging AI to automate complex attack chains while many of us are still manually reviewing logs and patching systems. We need to seriously accelerate our own automation efforts, particularly around patch management and threat detection.
Second, critical infrastructure attacks are becoming normalized. The Poland incident wasn’t successful, but it wasn’t surprising either. We need to assume these attacks will continue and focus on resilience and rapid recovery rather than just prevention.
Finally, the attack surface keeps expanding in ways that connect previously separate systems. Vehicle charging infrastructure ties into power grids. IoT devices bridge air-gapped networks. Every new connected system is potentially a new path to critical resources.
The common thread through all of this? Fundamentals matter more than ever. When AI can automatically exploit known vulnerabilities and nation-states are actively targeting infrastructure, basic security hygiene becomes the difference between containment and catastrophe.