Breachroad
Critical infrastructure

Attack on the energy sector and NoName057 DDoS

A destructive attack on Poland's energy sector and pro-Russian DDoS show critical infrastructure is a target — what it means for companies.

Karol Rapacz
5 February 2026 · 7 min read

The turn of 2025 and 2026 was a reminder that a cyberattack doesn’t always target the money in your account — sometimes the target is the availability of services and trust in the state itself. A destructive incident in Poland’s energy sector and the relentless pro-Russian DDoS campaigns reveal the other face of the threat landscape: hacktivism and operations at the intersection with geopolitics.

Two different kinds of threat

A destructive attack on infrastructure. On 29 December 2025, an incident struck entities in the energy sector — a detailed analysis was published by CERT Polska on 30 January 2026. Its nature was destructive, and the targets included renewable-energy installations and an industrial plant. This is a class of attack aimed at disruption, not ransom.

DDoS as a pressure tool. Pro-Russian groups such as NoName057(16) have long run DDoS campaigns against countries supporting Ukraine — Poland included. The targets are the sites of public institutions, transport and banks. DDoS attacks rarely cause data leaks in themselves, but they paralyse services and manufacture a sense of chaos — which is exactly the point.

Why this concerns ordinary companies too

It’s easy to think “that’s a matter for the state and big operators”. Wrong. First, many companies are part of the supply chain of critical infrastructure — suppliers, integrators, subcontractors — and real attack vectors run through them. Second, DDoS can hit any business that depends on online availability. Third, the regulatory environment (the NIS2 directive and its implementation in Poland) extends security obligations to a far broader set of entities than before.

How to prepare

For DDoS:

  • Anti-DDoS protection at the edge (provider / CDN), with a rehearsed heightened-threat mode.
  • Redundancy and scaling of critical services, plus a communication plan for periods of unavailability.

For targeted and destructive attacks:

  • Separation of IT from OT (control systems) and strict access control between them.
  • MFA and segmentation, anomaly monitoring, up-to-date edge systems.
  • Resilient backups and rehearsed recovery — including for industrial systems.
  • Supply-chain security — requirements for suppliers, minimising their access.

Organisationally:

  • A rehearsed incident-response plan with clear roles, and a dependency map (“what stops working when X goes down”).
  • Readiness for NIS2 obligations — incident reporting, risk management, board accountability.
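An added example, not part of the original article: a minimal way to turn the dependency map ("what stops working when X goes down") into something you can query, including the effect of redundancy. All service names and the map itself are constructed for illustration.

```python
"""Outage impact analysis over a dependency map (constructed sample data)."""

# Constructed map. Each service lists requirement groups; a group is satisfied
# while at least one member is up, so members of one group are redundant.
DEPENDENCIES = {
    "customer-portal": [["cdn-a", "cdn-b"], ["auth"], ["orders-api"]],
    "orders-api": [["database"], ["auth"]],
    "auth": [["idp-vendor"]],               # single external supplier
    "scada-historian": [["ot-gateway"]],    # the one path between IT and OT
    "reporting": [["scada-historian"], ["database"]],
    "database": [],
}


def impacted_by(down, deps=DEPENDENCIES):
    """Return {service: reason} for everything that stops when `down` fails."""
    failed = {name: "initial outage" for name in down}
    changed = True
    while changed:  # repeat until no new failures propagate
        changed = False
        for service, groups in deps.items():
            if service in failed:
                continue
            for group in groups:
                # A service fails once every member of any one group is down.
                if all(member in failed for member in group):
                    failed[service] = "lost " + " / ".join(group)
                    changed = True
                    break
    return failed


def single_points_of_failure(deps=DEPENDENCIES):
    """Rank components by how many other services a lone outage takes down."""
    nodes = set(deps) | {m for gs in deps.values() for g in gs for m in g}
    blast = {n: len(impacted_by([n], deps)) - 1 for n in nodes}
    ranked = [(n, c) for n, c in blast.items() if c > 0]
    return sorted(ranked, key=lambda item: (-item[1], item[0]))


if __name__ == "__main__":
    for name, count in single_points_of_failure():
        print(f"{name}: takes down {count} other service(s)")
    print(impacted_by(["cdn-a", "cdn-b"]))
```

Components that rank high here but have no redundant partner are the first candidates for the redundancy, supplier-access and recovery measures listed above.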

The conclusion from these events is strategic: resilience is not a luxury, but a requirement. It’s no longer just about not getting robbed, but about keeping services running — even when someone is deliberately trying to stop them. It’s a perspective worth applying to vulnerability prioritisation and everyday security decisions, too.

If your organisation operates in a critical sector or falls under NIS2, it’s worth testing your infrastructure’s resilience before someone else does — see our security audit and testing services or book a free consultation.

Sources and further reading: CERT Polska, NASK, Sekurak, Niebezpiecznik.
