The recent cyberattack in late 2025 on the Polish energy grid, attributed to Russian hackers by multiple sources, painfully demonstrates how vulnerable modern supply chains have become. This was not a classic attack on a single organization, but a digital disruption impacting an entire chain of parties working together to keep critical infrastructure running. This is precisely what makes this incident so relevant for supply chain risk management.
Who Was Affected?
The attack was coordinated and had a purely destructive purpose, which Polish authorities even compared to ‘digital arson’. The main targets were systems related to distributed energy generation:
- Approximately 30 wind and solar power plants;
- A large combined heat and power (CHP) plant that supplies heat to nearly half a million customers;
- A private company from the manufacturing industry.
It is important to note that, thanks to timely intervention by the Polish authorities, a total blackout was prevented. The attackers did, however, manage to disable the communication and control systems, so that operators temporarily lost visibility of the installations they were responsible for. It has even been reported that some industrial equipment was permanently damaged.
The Cause: Entering Through the Back Door
What makes this case so shocking for many companies is that the attackers did not need advanced, previously unknown vulnerabilities (zero-days), and that it was not a classic supply chain attack in which a weak supplier was used as the stepping stone.
Research by CERT Polska and the manufacturers involved shows that the attackers got in through far simpler and all too common mistakes. The devices at the affected locations were still configured with their default credentials, and security features the manufacturers recommend had been disabled.
It also turned out that Multi-Factor Authentication (MFA) had not been enabled at the critical access points, so guessing the default password or looking it up in the vendor documentation was enough to gain full control. Once inside, the attackers were able to move laterally through the network and reach the operational technology (OT): the very systems that should be isolated from any publicly reachable network. Note that these are all configuration failures, not product flaws; each of them can be found with a routine audit of the device inventory before an attacker finds them.
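The three failures described above (default credentials, MFA missing at remotely reachable access points, and OT devices reachable from outside their zone) are all things an asset owner or a partner can check for themselves. The script below is an added example, not code from the article or from CERT Polska: it runs a hygiene audit over a constructed inventory export. The vendor and model names, the default-credential list, the feature names and the inventory records are all invented for the example, and the SHA-256 password hashes simply stand in for whatever a real device export or password-audit tool gives you.

```python
import hashlib
import json
from typing import Dict, List

# Assumed vendor default credentials. The vendor and model names are
# placeholders invented for this example, not the devices in the incident.
# In a real audit this table is built from the vendors' own manuals.
KNOWN_DEFAULTS = {
    ("ExampleVendor", "PV-Gateway"): [("admin", "admin"), ("admin", "1234")],
    ("ExampleVendor", "Turbine-RTU"): [("operator", "operator")],
}

# Hardening features the audit expects to be switched on (assumed names).
REQUIRED_FEATURES = {"tls_only", "brute_force_lockout", "firmware_signature_check"}


def sha256_hex(secret: str) -> str:
    return hashlib.sha256(secret.encode("utf-8")).hexdigest()


# Constructed inventory export. "password_sha256" represents the credential
# material your export or password-audit tool provides; it is not a
# recommendation to store device passwords as plain SHA-256 hashes.
INVENTORY_JSON = json.dumps([
    {"name": "pv-site-07-gw", "vendor": "ExampleVendor", "model": "PV-Gateway",
     "zone": "OT", "remote_reachable": True, "mfa": False,
     "username": "admin", "password_sha256": sha256_hex("admin"),
     "features": {"tls_only": False, "brute_force_lockout": False,
                  "firmware_signature_check": True}},
    {"name": "wind-03-rtu", "vendor": "ExampleVendor", "model": "Turbine-RTU",
     "zone": "OT", "remote_reachable": False, "mfa": False,
     "username": "operator", "password_sha256": sha256_hex("Kx9!v2#Qw8pL"),
     "features": {"tls_only": True, "brute_force_lockout": True,
                  "firmware_signature_check": True}},
    {"name": "chp-vpn-jump", "vendor": "ExampleVendor", "model": "PV-Gateway",
     "zone": "IT", "remote_reachable": True, "mfa": True,
     "username": "admin", "password_sha256": sha256_hex("N0t-a-d3fault!"),
     "features": {"tls_only": True, "brute_force_lockout": True,
                  "firmware_signature_check": True}},
])


def audit_device(dev: dict) -> List[str]:
    """Return the hygiene findings for one device record (empty list = clean)."""
    findings: List[str] = []

    # 1. Still on a vendor default credential?
    for user, password in KNOWN_DEFAULTS.get((dev["vendor"], dev["model"]), []):
        if dev["username"] == user and dev["password_sha256"] == sha256_hex(password):
            findings.append(f"default credential {user}:{password}")
            break

    # 2. Remotely reachable access point without MFA?
    if dev["remote_reachable"] and not dev["mfa"]:
        findings.append("remote access without MFA")

    # 3. OT device exposed outside its zone at all?
    if dev["zone"] == "OT" and dev["remote_reachable"]:
        findings.append("OT device reachable from outside its zone")

    # 4. Recommended hardening features switched off?
    disabled = sorted(f for f in REQUIRED_FEATURES if not dev["features"].get(f, False))
    if disabled:
        findings.append("hardening disabled: " + ", ".join(disabled))

    return findings


def audit_inventory(inventory_json: str) -> Dict[str, List[str]]:
    """Audit every device in the export; only devices with findings are returned."""
    result: Dict[str, List[str]] = {}
    for dev in json.loads(inventory_json):
        findings = audit_device(dev)
        if findings:
            result[dev["name"]] = findings
    return result


if __name__ == "__main__":
    for name, findings in audit_inventory(INVENTORY_JSON).items():
        print(name)
        for finding in findings:
            print("  -", finding)
```

On the constructed data only the solar gateway is flagged, with all four findings at once, which is exactly the combination the article describes: a default password, no MFA, an OT device reachable from outside, and recommended protections switched off. The turbine RTU has no MFA either, but because it is not remotely reachable the script does not flag it; that is a deliberate choice to surface the critical access points first, and a stricter policy can simply drop the `remote_reachable` condition.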
The Lesson for Your Company
This incident teaches us that the threat comes not only from complex hacking techniques, but often from basic security errors at crucial partners. The attackers needed detailed knowledge of the specific systems, but initial access itself was surprisingly easy to obtain. The real dependency lies in the systems that enable control and monitoring, precisely the systems the energy suppliers temporarily lost.
This underlines the need to scrutinize the digital hygiene of partners that control vital processes, however small those partners are, such as the wind and solar farms in this example.