Daily Briefing for 01.26.26

Top stories.

• Sandworm blamed for attempted cyberattack against Poland's energy grid.
• Microsoft provided the FBI with BitLocker encryption keys after receiving a warrant.
• CISA flags critical VMware flaw as actively exploited.

Sandworm blamed for attempted cyberattack against Poland's energy grid.

ESET has attributed a December 2025 attempted cyberattack on Poland's energy infrastructure to the Russian threat actor Sandworm. Poland's energy minister said earlier this month that the incident was "the strongest attack on the energy infrastructure in years," though the attack was largely thwarted. ESET said the attackers used a newly observed strain of wiper malware tracked as "DynoWiper." According to Reuters, the country's energy minister said the "failed attack aimed to disrupt the communication between renewable installations and the power distribution operators."

Sandworm, a threat actor associated with the GRU's unit 74455, is believed to be responsible for previous attacks targeting Ukraine's power grid in 2015 and 2016. ESET notes that the attempted attack in Poland occurred days after the tenth anniversary of the 2015 incident, which cut power to hundreds of thousands of people across Ukraine for several hours. The attempted attack against Poland's grid, as well as the two prior attacks against Ukraine, were designed to shut off civilians' power during the dead of winter.

Microsoft provided the FBI with BitLocker encryption keys after receiving a warrant.

Forbes reports that Microsoft provided the FBI with BitLocker encryption keys to unlock the laptops of Windows users accused of fraud in Guam. Investigators were looking into fraudulent use of funds from the island’s Covid unemployment assistance program, and served Microsoft with a warrant last year requesting keys for three computers encrypted with BitLocker. Forbes notes that this is the first known instance where Microsoft has given customers' encryption keys to law enforcement.

Microsoft spokesperson Charles Chamberlayne told Forbes that "the company receives around 20 requests for BitLocker keys per year and in many cases, the user has not stored their key in the cloud, making it impossible for Microsoft to assist." However, Chamberlayne said the company "does provide BitLocker recovery keys if it receives a valid legal order."

Chamberlayne added, "[C]ustomers can choose to store their encryption keys locally, in a location inaccessible to Microsoft, or in Microsoft’s cloud. We recognize that some customers prefer Microsoft’s cloud storage, so we can help recover their encryption key if needed. While key recovery offers convenience, it also carries a risk of unwanted access."

CISA flags critical VMware flaw as actively exploited.

The US Cybersecurity and Infrastructure Security Agency (CISA) has added a critical VMware vCenter Server flaw to its Known Exploited Vulnerabilities (KEV) catalog, BleepingComputer reports. The vulnerability (CVE-2024-37079), which was patched in June 2024, is a "heap-overflow vulnerability in the implementation of the DCERPC protocol" that can lead to remote code execution. CISA has ordered US Federal agencies to patch the flaw by February 13th.