When Nation-States Hit Wind Farms and Google Engineers Go Rogue: This Week's Security Reality Check
The past few days have served up a particularly sobering reminder that cyber threats don’t take weekends off. While we were dealing with the usual phishing campaigns and patch cycles, some significantly more concerning events were unfolding that deserve our attention.
Poland’s Energy Grid Under Coordinated Attack
Let’s start with what might be the most significant story: CERT Polska revealed that coordinated cyber attacks hit over 30 wind and solar farms on December 29, 2025. This wasn’t some script kiddie testing their skills – we’re talking about a systematic campaign that also targeted a manufacturing company and a combined heat and power plant serving nearly half a million customers.
What makes this particularly unsettling is the coordination aspect. Hitting 30+ renewable energy facilities simultaneously suggests serious reconnaissance and planning. The timing, right during the holiday period when many security teams are operating with reduced staff, wasn’t accidental either.
While the article doesn’t specify attribution details, the scale and targeting pattern screams state-sponsored activity. Critical infrastructure attacks on energy systems have become a preferred pressure point for nation-state actors, and renewable energy facilities often have weaker security postures than traditional power plants.
For those of us managing industrial or energy sector security, this should be a wake-up call about the convergence of OT and IT threats. These facilities likely had internet-connected management systems that provided the initial attack vector.
The AI Trade Secret Heist That Actually Happened
Meanwhile, the conviction of former Google engineer Linwei Ding offers a fascinating look at how insider threats operate in the AI era. The DOJ announced that Ding was found guilty on seven counts each of economic espionage and trade secret theft for stealing over 2,000 documents containing AI secrets for a Chinese startup.
What’s particularly interesting here is the scale – we’re not talking about a few documents grabbed on the way out the door. Two thousand documents suggests systematic exfiltration over time. This case highlights how valuable AI intellectual property has become and how traditional data loss prevention might miss sophisticated insider activities.
The timing is also worth noting. As AI development accelerates, we’re seeing more cases of engineers moving between companies and potentially taking critical knowledge with them. Our insider threat detection programs need to evolve to catch these more subtle, long-term exfiltration patterns.
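To make the "slow, long-term exfiltration" point concrete, here is a small detector I put together for this post. It is not from the DOJ filing, from Google, or from any DLP product; the audit events, user names, document ids and thresholds are all constructed for illustration. It runs two rules over the same document-access log: a classic per-day threshold, and a trailing-window cumulative count. The per-day rule only fires on the one-off bulk export, while the steady trickle of a few documents every day is invisible to it and only shows up in the cumulative view.

```python
"""Slow-exfiltration detector over document-access audit events.

Added example for this post, not code from any cited source or vendor tool.
The log events, user names, document ids and thresholds below are all
constructed for illustration.
"""
from collections import defaultdict
from datetime import date, timedelta


def build_sample_events():
    """Constructed audit events as (username, ISO date, document id).

    "alice"   - normal usage: 3 distinct documents per day for 8 weeks
    "mallory" - hypothetical insider: 8 distinct documents every day for 8 weeks
    "bob"     - one noisy day: a 60-document bulk export (e.g. a migration)
    """
    events = []
    start = date(2025, 1, 6)
    for day_offset in range(56):
        d = start + timedelta(days=day_offset)
        for i in range(3):
            events.append(("alice", d.isoformat(), f"doc-{day_offset * 3 + i}"))
        for i in range(8):
            events.append(("mallory", d.isoformat(), f"ml-{day_offset * 8 + i}"))
    for i in range(60):
        events.append(("bob", "2025-02-10", f"bob-{i}"))
    return events


def daily_unique_counts(events):
    """Map user -> {date: number of distinct documents accessed that day}."""
    per_day = defaultdict(lambda: defaultdict(set))
    for user, iso_day, doc_id in events:
        per_day[user][date.fromisoformat(iso_day)].add(doc_id)
    return {
        user: {d: len(docs) for d, docs in days.items()}
        for user, days in per_day.items()
    }


def max_rolling_total(day_counts, window_days):
    """Largest total over any trailing window of `window_days` calendar days.

    Two-pointer sweep over the sorted dates: a day leaves the window once it
    is `window_days` or more days older than the day being evaluated.
    """
    days = sorted(day_counts)
    best, left, running = 0, 0, 0
    for d in days:
        running += day_counts[d]
        while days[left] <= d - timedelta(days=window_days):
            running -= day_counts[days[left]]
            left += 1
        best = max(best, running)
    return best


def detect(events, daily_threshold=50, window_days=30, cumulative_threshold=150):
    """Return which users trip the per-day rule and which trip the
    trailing-window rule. Thresholds are illustrative assumptions."""
    findings = {"daily": set(), "cumulative": set()}
    for user, day_counts in daily_unique_counts(events).items():
        if max(day_counts.values()) > daily_threshold:
            findings["daily"].add(user)
        if max_rolling_total(day_counts, window_days) > cumulative_threshold:
            findings["cumulative"].add(user)
    return findings


if __name__ == "__main__":
    result = detect(build_sample_events())
    print("per-day rule fired for:   ", sorted(result["daily"]))       # ['bob']
    print("30-day cumulative fired for:", sorted(result["cumulative"]))  # ['mallory']
```

The daily rule is what most "X downloads in 24 hours" DLP policies amount to, and it is exactly what a patient insider stays under. The cumulative rule needs nothing exotic, just retaining per-user access counts for longer than a day and comparing them with a window-sized budget; in practice that budget should be derived from each user's own history or peer group rather than a fixed number.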
Ivanti’s Latest Zero-Day Nightmare
Speaking of things that keep us up at night, Ivanti had to patch more zero-day vulnerabilities in their Endpoint Manager Mobile (EPMM) product. These critical-severity flaws allowed unauthenticated remote code execution – basically the worst-case scenario for any endpoint management system.
If you’re running Ivanti products, you know this drill by now, but it doesn’t make it less painful. The fact that these were already being exploited in the wild means attackers had a head start while organizations scrambled to patch. For mobile device management systems, this is particularly concerning since they often have privileged access to corporate devices and data.
The Scam Campaigns That Actually Work
On a different note, there’s a massive cloud storage payment scam making the rounds that’s worth discussing with your users. BleepingComputer reported on a campaign flooding inboxes with fake renewal notices claiming photos and files will be deleted due to payment failures.
What makes this effective is the emotional trigger – people panic when they think their family photos might disappear. The scammers are exploiting our increasing dependence on cloud storage and the genuine anxiety people feel about losing digital memories.
This is a good reminder that user education needs to address not just technical indicators but also the emotional manipulation tactics that make people click despite their better judgment.
Instagram’s Privacy Oops
Finally, there’s an interesting privacy issue that a researcher documented with Instagram. Private account photos were apparently accessible via direct links to unauthenticated users. Meta eventually fixed it but dismissed the report as “not applicable” and ignored follow-up attempts.
This highlights the ongoing challenge of getting major platforms to take privacy issues seriously, especially when they don’t fit neatly into traditional vulnerability categories. The researcher did the right thing by documenting everything and going public when Meta stonewalled them.
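The bug class behind this one, a media object served by direct link without re-checking who is allowed to see it, is worth showing in miniature. The toy service below is written for this post; it is not Meta's or Instagram's code and makes no claim about how their issue actually arose. Accounts, follower relationships and media ids are invented. The vulnerable handler only consults the privacy flag on the profile page and serves any media id it is handed; the hardened one repeats the authorization decision on every media fetch, so a leaked or guessed link is worthless to an unauthenticated or unapproved requester.

```python
"""Object-level authorization on a media endpoint.

Added illustration for this post; a constructed toy service, not Meta's or
Instagram's code. Account names, follower graph and media ids are invented.
"""
from dataclasses import dataclass, field


@dataclass
class Account:
    name: str
    is_private: bool
    followers: set = field(default_factory=set)  # approved follower names


@dataclass
class Media:
    media_id: str
    owner: str
    data: bytes


# Constructed data: one private account with a single approved follower,
# one public account, and one photo belonging to each.
ACCOUNTS = {
    "carol": Account("carol", is_private=True, followers={"dave"}),
    "erin": Account("erin", is_private=False),
}
MEDIA = {
    "m-1001": Media("m-1001", owner="carol", data=b"<carol private photo bytes>"),
    "m-2002": Media("m-2002", owner="erin", data=b"<erin public photo bytes>"),
}


def fetch_media_vulnerable(media_id, requester=None):
    """Serves any media whose id is known. The owner's privacy setting was
    checked when the profile page was rendered, never here, so a direct link
    to the media id bypasses it entirely."""
    media = MEDIA.get(media_id)
    if media is None:
        return 404, b""
    return 200, media.data


def can_view(owner: Account, requester):
    """Authorization decision for one media object.

    Public account: anyone. Private account: only the owner or an approved
    follower, and never an unauthenticated requester (requester is None).
    """
    if not owner.is_private:
        return True
    if requester is None:
        return False
    return requester == owner.name or requester in owner.followers


def fetch_media_hardened(media_id, requester=None):
    """Same endpoint with the check moved to the object being served."""
    media = MEDIA.get(media_id)
    if media is None:
        return 404, b""
    owner = ACCOUNTS[media.owner]
    if not can_view(owner, requester):
        # Answer 404 rather than 403 so the endpoint does not confirm that a
        # private media id exists to someone not entitled to see it.
        return 404, b""
    return 200, media.data


if __name__ == "__main__":
    print("vulnerable, no session:", fetch_media_vulnerable("m-1001")[0])   # 200
    print("hardened,   no session:", fetch_media_hardened("m-1001")[0])     # 404
    print("hardened,   follower:  ", fetch_media_hardened("m-1001", "dave")[0])  # 200
```

The design point is that "is this profile private?" and "may this requester fetch this object?" are the same question asked in two places, and only the second place is the one an attacker's direct link reaches. Whatever the storage layer (a CDN, signed URLs, an object store), the authorization decision has to sit on the path that actually returns bytes, not just on the path that renders the gallery.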
What This Means for Us
These stories paint a picture of a threat environment where traditional boundaries are dissolving. Nation-states are hitting renewable energy infrastructure, AI trade secrets are becoming prime espionage targets, and even privacy bugs in social platforms can have broader implications for corporate security.
The common thread is that attackers are getting better at identifying and exploiting the systems we depend on most. Whether it’s energy infrastructure, mobile device management, or cloud storage, the targets are increasingly critical to daily operations.
Sources
- Cloud storage payment scam floods inboxes with fake renewals
- CERT Polska Details Coordinated Cyber Attacks on 30+ Wind and Solar Farms
- Ivanti Patches Exploited EPMM Zero-Days
- Ex-Google Engineer Convicted for Stealing 2,000 AI Trade Secrets for China Startup
- Researcher reveals evidence of private Instagram profiles leaking photos