The UK and EU have formally blamed Russia’s Federal Security Service (FSB) for the December 2025 cyberattack targeting Poland’s power grid. Attackers deployed DynoWiper malware in an attempt that could have left half a million Poles without electricity during winter. The FSB’s Centre 16 division was identified as responsible, with the UK’s Foreign Office calling it “another example of the Russian state’s irresponsible attempts to sow chaos across Europe.”
In response, the UK and EU imposed sweeping sanctions on nine individuals and four entities tied to the FSB’s cyber operations. The UK National Cyber Security Centre co-authored a technical advisory urging critical infrastructure organizations to disable SNMPv1 and SNMPv2 in favor of SNMPv3 with authentication, and to disable Cisco Smart Install on all devices — tactics Centre 16 routinely exploits for initial access.
Energy organizations, defense contractors, financial services, and healthcare providers are considered at highest risk. The advisory warned that Centre 16’s tradecraft overlaps with other Russia-aligned threat groups and emphasized the urgency of deploying the recommended mitigations.
