Key findings from the report: Attribution: CERT Polska links the attack to Static Tundra (aka Berserk Bear/Dragonfly), a group associated with the Russian FSB.
Impact: OT communication disrupted using 'DynoWiper' malware; power generation was not stopped, but remote control was severed.
- Initial Access: Exploited FortiGate VPNs lacking MFA and default credentials on OT equipment (Hitachi/Mikronika/Moxa)
- Timeline: Attackers likely had access since March 2025 but executed the wiper attack in late December.