Cybersecurity Alert: OT and ICS Security Gaps Identified in Poland Energy Sector Incident

Date: February 2026
Severity: High
Affected Sector: Energy (Renewable Energy, Combined Heat and Power, Manufacturing)
Systems Impacted: Operational Technology (OT) and Industrial Control Systems (ICS)

Summary

In December 2025, a cyber incident targeting Poland’s energy sector resulted in the compromise of operational technology (OT) and industrial control systems (ICS) across multiple organizations. Affected entities included renewable energy facilities, a combined heat and power (CHP) plant, and a manufacturing organization.

According to CERT Polska, the attackers exploited vulnerable edge devices to gain initial access and subsequently deployed wiper malware, leading to operational disruption. This incident highlights persistent security gaps in OT and ICS environments, particularly where edge devices are exposed or inadequately secured.

Key Observations

  • Threat actors leveraged unpatched or misconfigured edge devices as an entry point.
  • OT and ICS environments were directly targeted, demonstrating increased risk to critical infrastructure systems.
  • The deployment of wiper malware indicates intent to disrupt operations rather than conduct espionage.

Recommended Actions

Organizations operating OT and ICS environments, particularly within critical infrastructure sectors, are strongly advised to take the following actions:

  • Apply security updates and patches promptly when they become available for edge devices and supporting systems.
  • Change default credentials on all devices and enforce strong password policies.
  • Require OT vendors, system integrators, and suppliers to implement and maintain credential management and security hardening practices.
  • Review exposure of edge devices and limit external access where possible.

Impact

Failure to address these security gaps may increase the risk of unauthorized access, operational disruption, and potential physical consequences within critical infrastructure environments.

Meraal Cyber Security (MCS) is a cybersecurity consulting and managed services firm with an AI-powered platform that delivers continuous attack surface intelligence and proactive threat defense. We combine attack surface mapping with digital risk protection and AI-enriched threat intelligence to deliver personalized, contextual, outside-in, and actionable security insights. We have built a next-generation AI-powered threat intelligence platform called ThreatFence to give defenders the threat actor's perspective for proactive security readiness.
