A
Russia deployed wipers against Poland's energy grid, Microsoft shared BitLocker keys with the FBI, Romania dismantles a murder-for-hire portal and the EU creates a new anti-spyware group. This is the Risky Bulletin, prepared by Catalin Cimpanu and read by me, Amberleigh Jack. Today is January 26th and this podcast episode is brought to you by Push Security. In today's top story, Russian hackers deployed a data wiper against Poland's energy grid late last year. The attack was blocked, but if successful, could have cut power to half a million citizens. Security firm ESET linked the malware to Sandworm, an offensive cyber unit inside Russia's military intelligence service. This is believed to be the first time Russian hackers have attempted to deploy wipers against the energy infrastructure of an EU country. The FBI has obtained BitLocker encryption keys from Microsoft as part of a fraud investigation. The keys were stored in Microsoft's cloud and allowed agents to decrypt the laptops of suspects. Microsoft told Forbes it receives about 20 requests for BitLocker keys every year. The US National Institute of Standards and Technology is seeking help from third parties in managing the US National Vulnerability Database. The agency wants to transfer its vulnerability enrichment responsibilities to CVE numbering authorities. Since February 2024, NIST has been unable to keep up with the pace of vulnerability data. The agency says budget cuts have forced it to prioritise only the most critical reports. The UK House of Lords has voted to ban social media for children under the age of 16 under the Children's Wellbeing and Schools Bill. Anyone under 18 would also be banned from using VPN apps. In January, Australia restricted social media use to people aged 16 and over. Similar efforts are also being considered in France and Russia. The UK bill now moves to the House of Commons. The European Parliament has set up a team to investigate the use of spyware across the bloc.
Victims of spyware attacks are being asked to share their stories. The group was established in the aftermath of the Paragon spying scandal in Italy. Sportswear company Under Armour is investigating a data breach. More than 72 million records were leaked online this month. The stolen data includes customer emails, dates of birth and purchase details. The files were allegedly stolen in a breach last year, although no further details are known. American sportswear giant Nike is also investigating a potential security breach. Last week, the World Leaks data extortion group published a sample of stolen data on the dark web. The group claims it stole more than 1.4 terabytes of data from Nike's clothing manufacturing department. A cyber attack has disrupted the IT systems of Dresden museums. Last week's incident took down some digital and phone services. The Dresden State Art Collections is one of the oldest networks of museums in Europe. It oversees 15 museums housing works by Raphael and Rembrandt. The French crypto tax filing company Waltio is being extorted by hackers. The company confirmed that customer tax reports from last year were stolen. Waltio says it has activated incident response procedures but has not said if it will pay the ransom. The ShinyHunters group is believed to be behind the attack. Romanian authorities have dismantled a murder-for-hire operation. The group's website allowed anonymous users to commission assassinations paid for with crypto. Authorities raided three locations and questioned two individuals behind the scheme. They also seized a combined $750,000 in crypto, US dollars and euros. A Russian national has pleaded guilty in the US to leading the Zeppelin ransomware group. Yanis Alexandrovich Antropenko admitted to hacking more than 50 victims between 2019 and 2022. He was detained in August last year but was released on bail the same day. Authorities seized $2.8 million in crypto from Antropenko. He faces up to 25 years in prison.
A US judge has sentenced two Venezuelan nationals over their roles in ATM jackpotting. Luz Granados was sentenced to time served and Johan Gonzalez Jimenez received an 18-month prison sentence. The pair operated at night, physically installing malware into ATMs. Phone numbers linked to Microsoft Teams are being used to carry out PayPal refund scams. The phone numbers are part of what used to be Skype, according to anti-scam group Demurrage. Microsoft has ignored reports of abuse. Threat actors are exploiting a recently patched vulnerability in the Zimbra collaboration platform. The local file inclusion flaw allows attackers to run malicious code on the server. Active exploitation was reported by CISA last week. Microsoft has retired the Microsoft Deployment Toolkit. It was first released in 2003 and was used to automate the deployment of Windows operating systems and applications. The company retired the tool after researchers at SpecterOps discovered multiple vulnerabilities. The flaws could have allowed attackers to take over MDT servers and deploy malware. And finally, 21 major Internet backbone providers are vulnerable to BGP vortex attacks that could cripple the global Internet. The attacks leverage legitimate BGP configuration to reroute Internet traffic in a loop. According to a team of European and US academics, a coordinated attack could bring down more than 95% of the Internet. That's all for this podcast edition. Today's show was brought to you by our sponsor, Push Security. Find them at pushsecurity.com. Thanks for your company.
Risky Bulletin: Russia Deployed Wipers on Poland's Energy Grid
Podcast: Risky Bulletin (Risky Business)
Date: January 25, 2026
Host: Amberleigh Jack (prepared by Catalin Cimpanu)
This episode delivers the latest cybersecurity news, with a primary focus on a thwarted Russian cyberattack against Poland’s energy grid. It also covers law enforcement milestones, major data breaches, regulatory reforms, cybercriminal takedowns, and emerging technical threats impacting global security.
| Topic | Segment Start |
|---|:---:|
| Russia-Poland energy grid wiper attack | 00:04 |
| Microsoft/FBI BitLocker keys | 00:36 |
| US NVD management challenges | 00:53 |
| UK restricts social media/VPN for youth | 01:13 |
| EU Parliament anti-spyware group | 01:32 |
| Under Armour breach | 01:45 |
| Nike breach claim | 01:58 |
| Dresden museums cyber attack | 02:10 |
| Waltio crypto tax hack/extortion | 02:20 |
| Romanian murder-for-hire portal bust | 02:32 |
| Zeppelin ransomware plea | 02:43 |
| ATM jackpotting sentences | 02:55 |
| PayPal refund scams via MS Teams/Skype | 03:07 |
| Zimbra vulnerability exploited | 03:21 |
| Microsoft Deployment Toolkit retirement | 03:29 |
| BGP vortex/Internet backbone threat | 03:42 |
The episode offers a sweeping, punchy rundown of global cybersecurity events, highlighted by Russia’s escalatory tactics against the European energy sector and several law enforcement and policy updates. Several large data breaches, legislative maneuvers, and critical vulnerabilities round out a packed bulletin for anyone tracking cyber risk at a national and organizational scale.