Risky Bulletin: Russia Deployed Wipers on Poland's Energy Grid
Podcast: Risky Bulletin (Risky Business)
Date: January 25, 2026
Host: Amberly Jack (prepared by Catalin Cimpanu)
Overview
This episode delivers the latest cybersecurity news, with a primary focus on a thwarted Russian cyberattack against Poland’s energy grid. It also covers law enforcement milestones, major data breaches, regulatory reforms, cybercriminal takedowns, and emerging technical threats impacting global security.
Key Discussion Points & Insights
1. Russian Cyberattack on Poland’s Energy Grid
- Topic: Russian hackers attempted to deploy a data wiper malware against Poland’s energy infrastructure in late 2025.
- This attack, if successful, would have cut power to half a million Polish citizens.
- Security firm ESET attributed the attack to Sandworm, a unit of Russia’s GRU military intelligence.
- Noted as the first recorded Russian wiper attack on EU energy infrastructure.
- Quote:
- “The attack was blocked, but if successful, could have cut power to half a million citizens.” – Amberly Jack [00:23]
- Timestamps:
- Overview & details: [00:04] – [00:36]
2. Microsoft Shares BitLocker Keys with FBI
- Context:
- Microsoft provided BitLocker encryption keys to the FBI as part of a fraud investigation.
- The keys, stored in Microsoft's cloud, enabled agents to decrypt suspect laptops.
- Microsoft reportedly receives about 20 BitLocker key requests annually.
- Quote:
- “Microsoft told Forbes it receives about 20 requests for BitLocker keys every year.” – Amberly Jack [00:47]
- Timestamps:
- Disclosure: [00:36] – [00:52]
3. US Vulnerability Database Management Challenges
- Context:
- NIST seeks help managing the US National Vulnerability Database (NVD) amid staff shortages and slowed processing.
- NIST proposes offloading enrichment responsibilities to CVE Numbering Authorities (CNAs).
- Since February 2024, only “the most critical reports” are being processed.
- Timestamps:
- Details: [00:53] – [01:13]
4. Social Media and VPN Restrictions for Minors in the UK
- Context:
- The UK House of Lords passed a bill banning social media for those under 16 (Children's Wellbeing and Schools Bill).
- Bans VPN use for anyone under 18.
- Australia (January 2026), and potentially France and Russia, are moving toward similar regulations.
- Timestamps:
- Overview: [01:13] – [01:31]
5. EU Parliament Anti-Spyware Initiative
- Context:
- European Parliament launched a group to investigate spyware usage across EU countries.
- The initiative follows the Paragon spyware scandal in Italy; the group is urging spyware victims to share their experiences.
- Timestamps:
- Details: [01:32] – [01:44]
6. Major Data Breaches: Under Armour and Nike
- Under Armour:
- The company is investigating a breach in which 72 million+ customer records were leaked.
- Exposed data: emails, birthdates, purchase records.
- Timestamps: [01:45] – [01:57]
- Nike:
- Facing claims of a breach from the “World Leaks” data extortion group.
- The group allegedly took over 1.4 terabytes from Nike’s manufacturing division; a sample was shared on the dark web.
- Timestamps: [01:58] – [02:10]
7. Cyber Attack on Dresden Museums
- Context:
- The attack disrupted digital and communications infrastructure at the Dresden State Art Collections (a network of 15 historic museums, home to works by Raphael and Rembrandt).
- Timestamps: [02:10] – [02:19]
8. Crypto Tax Company Waltio Extorted by Hackers
- Context:
- Waltio was attacked and customer tax reports were stolen.
- The company activated its incident response; the attacker is linked to the ShinyHunters group.
- No disclosure on ransom payments.
- Timestamps: [02:20] – [02:30]
9. Romanian Murder-for-Hire Portal Dismantled
- Context:
- Romanian authorities raided and brought down a website offering assassination-for-crypto.
- Seized $750,000 in cash and crypto; two suspects questioned.
- Quote:
- “The group's website allowed anonymous users to commission assassinations paid for with crypto.” – Amberly Jack [02:32]
- Timestamps: [02:32] – [02:42]
10. Ransomware, ATM Jackpotting, and Online Fraud
- Zeppelin Ransomware:
- Yanis Alexandrovich Antropenko (Russian) pleaded guilty to hacking 50+ victims (2019-2022).
- Detained August 2025; $2.8 million in crypto seized; faces up to 25 years in prison.
- Timestamps: [02:43] – [02:55]
- ATM Jackpotting:
- Two Venezuelans were sentenced for malware-based ATM theft in the US.
- Luz Granados: time served; Johan Gonzalez Jimenez: 18 months.
- Timestamps: [02:55] – [03:07]
- PayPal Refund Scams via Microsoft Teams Numbers:
- Scammers are exploiting old Skype-linked phone numbers.
- Microsoft has reportedly not acted despite abuse reports.
- Timestamps: [03:07] – [03:20]
11. Zimbra Vulnerability Actively Exploited
- Threat actors are exploiting a recently patched local file inclusion flaw in the Zimbra groupware suite.
- The flaw allows remote code execution on enterprise email servers.
- Timestamps: [03:21] – [03:28]
12. Retirement of Microsoft Deployment Toolkit (MDT)
- Context:
- The tool, used since 2003 to automate Windows OS and application deployment, has been retired following the discovery of vulnerabilities.
- The flaws could allow takeover of the deployment server.
- Timestamps: [03:29] – [03:41]
13. BGP Vortex Attack Threatens Internet Backbone
- Context:
- 21 major backbone providers are vulnerable to BGP vortex attacks, which could cripple more than 95% of Internet connectivity.
- The attacks exploit “legitimate BGP configuration” to create traffic loops.
- Discovered by a team of European and US academics.
- Quote:
- “A coordinated attack could bring down more than 95% of the Internet.” – Amberly Jack [03:47]
- Timestamps: [03:42] – [03:52]
Memorable Quotes
- “The attack was blocked, but if successful, could have cut power to half a million citizens.” – Amberly Jack [00:23]
- “Microsoft told Forbes it receives about 20 requests for BitLocker keys every year.” – Amberly Jack [00:47]
- “The group's website allowed anonymous users to commission assassinations paid for with crypto.” – Amberly Jack [02:32]
- “A coordinated attack could bring down more than 95% of the Internet.” – Amberly Jack [03:47]
Summary Table of Major Segments (Timestamps)
| Topic | Segment Start |
|---------------------------------------------------------|:--------------:|
| Russia-Poland energy grid wiper attack | 00:04 |
| Microsoft/FBI BitLocker keys | 00:36 |
| US NVD management challenges | 00:53 |
| UK restricts social media/VPN for youth | 01:13 |
| EU Parliament anti-spyware group | 01:32 |
| Under Armour breach | 01:45 |
| Nike breach claim | 01:58 |
| Dresden museums cyber attack | 02:10 |
| Waltio crypto tax hack/extortion | 02:20 |
| Romanian murder-for-hire portal bust | 02:32 |
| Zeppelin ransomware plea | 02:43 |
| ATM jackpotting sentences | 02:55 |
| PayPal refund scams via MS Teams/Skype | 03:07 |
| Zimbra vulnerability exploited | 03:21 |
| Microsoft Deployment Toolkit retirement | 03:29 |
| BGP vortex/Internet backbone threat | 03:42 |
Conclusion
The episode offers a sweeping, punchy rundown of global cybersecurity events, highlighted by Russia’s escalatory tactics against the European energy sector and several law enforcement and policy updates. Several large data breaches, legislative maneuvers, and critical vulnerabilities round out a packed bulletin for anyone tracking cyber risk at a national and organizational scale.
