Under the Hood of DynoWiper
#DynoWiper
https://isc.sans.edu/diary/32730

Polish CERT detailed coordinated destructive attacks on Polish energy and manufacturing sectors, attributed to Static Tundra, using FortiGate SSL VPN access. The attackers conducted reconnaissance, firmware damage, lateral movement, and deployed #DynoWiper and #LazyWiper that corrupt files.

https://research.checkpoint.com/2026/2nd-february-threat-intelligence-report/

2nd February – Threat Intelligence Report - Check Point Research

For the latest discoveries in cyber research for the week of 2nd February, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES MicroWorld Technologies, maker of eScan antivirus, has suffered a supply-chain compromise. Malicious updates were pushed via the legitimate eScan updater, delivering multi-stage malware that establishes persistence, enables remote access, and blocks automatic […]

Check Point Research

Changed just 2 things in Binary Ninja's HLIL representation to get the Mersenne Twister initialize_state formula to match what's on Wikipedia:

seed = f * (seed ^ (seed >> (w-2))) + i;

w: word size (in number of bits). 32-2 = 30
f: is the constant 0x6c078965

Can you spot the 2 things? 🙂

#BinaryNinja #DynoWiper
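An added example, not code from the post above or from any of the linked reports: the initialize_state recurrence quoted in the post, written in C with 32-bit words and extended with the standard MT19937 twist and tempering steps, so that a seeding routine recovered from a decompiler can be checked against the reference generator's known outputs. The values n = 624, m = 397, the tempering masks and the seed 5489 are standard MT19937 parameters and are assumptions here, not values taken from the page.

```c
#include <stdint.h>
#include <stdio.h>

#define MT_N 624          /* state words: standard MT19937, not from the post */
#define MT_M 397          /* middle offset: standard MT19937, not from the post */
#define MT_W 32           /* w: word size in bits, as in the post */
#define MT_F 0x6c078965u  /* f: the constant quoted in the post */
typedef struct { uint32_t s[MT_N]; int idx; } mt_state;

/* initialize_state: s[i] = f * (s[i-1] ^ (s[i-1] >> (w-2))) + i, mod 2^32 */
void mt_init(mt_state *mt, uint32_t seed) {
    mt->s[0] = seed;
    for (uint32_t i = 1; i < MT_N; i++) {
        uint32_t prev = mt->s[i - 1];
        mt->s[i] = MT_F * (prev ^ (prev >> (MT_W - 2))) + i; /* uint32_t wraps */
    }
    mt->idx = MT_N;  /* force a twist before the first output */
}

/* Regenerate all 624 state words in place (the "twist"). */
static void mt_twist(mt_state *mt) {
    for (int i = 0; i < MT_N; i++) {
        uint32_t y = (mt->s[i] & 0x80000000u) | (mt->s[(i + 1) % MT_N] & 0x7fffffffu);
        uint32_t v = mt->s[(i + MT_M) % MT_N] ^ (y >> 1);
        if (y & 1u) v ^= 0x9908b0dfu;
        mt->s[i] = v;
    }
    mt->idx = 0;
}

/* Return the next tempered 32-bit output. */
uint32_t mt_next(mt_state *mt) {
    if (mt->idx >= MT_N) mt_twist(mt);
    uint32_t y = mt->s[mt->idx++];
    y ^= y >> 11;
    y ^= (y << 7) & 0x9d2c5680u;
    y ^= (y << 15) & 0xefc60000u;
    y ^= y >> 18;
    return y;
}

int main(void) {
    mt_state mt;
    mt_init(&mt, 5489u);           /* 5489: the reference default seed */
    uint32_t s1 = mt.s[1];         /* read before mt_next() twists the state */
    uint32_t out = mt_next(&mt);
    printf("s[1] = %u, first output = %u\n", (unsigned)s1, (unsigned)out);
    return 0;
}
```

If a decompiled routine seeded with the same value yields the same state word and outputs, it is unmodified MT19937; a mismatch points to changed constants or a different generator.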

After an eight (!) year break, malware analyses have started appearing again on the Polish-language site malware@prevenity 🤯 Among the recently examined samples is DynoWiper, used in the attacks on Polish energy infrastructure:

https://malware.prevenity.com/2026/02/analiza-techniczna-wybranych-funkcji.html

#cyberbezpieczenstwo #dynowiper

Technical analysis of selected functions of the DynoWiper malware

Below we have included some detailed information about the DynoWiper malware (based on one of the samples - source....

#BREAKING #ESETresearch provides technical details on #DynoWiper, a data‑wiping malware used in a data‑destruction incident on December 29, 2025, affecting a company in Poland’s energy sector.
https://www.welivesecurity.com/en/eset-research/dynowiper-update-technical-analysis-attribution/
@CERT_Polska_en did an excellent job investigating the incident and published a detailed analysis in a report:
https://cert.pl/en/posts/2026/01/incident-report-energy-sector-2025/
#ESETresearch attributes the attack to the 🇷🇺 Russia‑aligned #Sandworm APT group with medium confidence, based on strong overlaps in behavior and TTPs with multiple earlier Sandworm attacks. Specifically, DynoWiper operates in a broadly similar fashion to the ZOV wiper, which we attribute to Sandworm with high confidence.
IoCs available in our GitHub repo: https://github.com/eset/malware-ioc/tree/master/dynowiper

#ESET Research: #Russian cyber actor #Sandworm behind #cyberattack on NATO member #Poland’s power grid in late 2025. The attack involved data-wiping malware #DynoWiper. Coincidentally on the 10th anniversary of #Ukraine power grid.

🔗 https://www.welivesecurity.com/en/eset-research/eset-research-sandworm-cyberattack-poland-power-grid-late-2025/

ESET Research: Sandworm behind cyberattack on Poland’s power grid in late 2025

The attack involved data-wiping malware that ESET researchers have now analyzed and named DynoWiper.

New wiper in the Polish energy sector – an attack on critical infrastructure

Can you "wipe" electricity off a disk? Someone just tried – and in Poland, no less.

Read more:
https://pressmind.org/nowy-wiper-w-polskiej-energetyce-atak-na-infrastrukture-krytyczna/

#PressMindLabs #dynowiper #elektrocieplownie #eset #oze #sandworm

#BREAKING #ESETresearch identified the wiper #DynoWiper used in an attempted disruptive cyberattack against the Polish energy sector on Dec 29, 2025. At this point, no successful disruption is known, but the malware’s design clearly indicates destructive intent.
#ESETresearch attributes the attack to the Russia‑aligned #Sandworm APT group with medium confidence, based on strong overlaps in behavior and TTPs with multiple earlier Sandworm-linked wiper operations investigated by our team.
The attack struck during peak winter and the 10‑year anniversary of Sandworm’s 2015 attack on Ukraine’s power grid - the first malware-driven blackout, leaving ~230,000 people without electricity.
#ESET detects DynoWiper as Win32/KillFiles.NMO. Customers of our private ESET Threat Intelligence APT reports have already received additional technical details and IOCs to support rapid detection and response. IoC: 4EC3C90846AF6B79EE1A5188EEFA3FD21F6D4CF6
We continue to investigate the incident and broader implications. As new evidence or links to additional Sandworm activity emerge, we will share further updates to help defenders protect critical sectors.