Visualização normal

Hoje — 9 de Maio de 2026Stream principal
  • ✇Security Affairs
  • Cyberattacks on Poland’s Water Plants: A Blueprint for Hybrid Warfare Pierluigi Paganini
    Poland’s ABW confirmed hackers breached ICS at five water plants, gaining ability to alter equipment settings. Russia-linked APT groups suspected. Poland’s Internal Security Agency (ABW) has published a detailed account of a sustained campaign targeting the country’s water plants, documenting security breaches at five water treatment facilities in 2025. The incidents mark one of the clearest documented cases in Europe of state-linked hackers gaining direct access to industrial control system
     
  • ↗️

Cyberattacks on Poland’s Water Plants: A Blueprint for Hybrid Warfare

✇Security Affairs
Por:Pierluigi Paganini
8 de Maio de 2026, 15:16

Poland’s ABW confirmed hackers breached ICS at five water plants, gaining ability to alter equipment settings. Russia-linked APT groups suspected.

Poland’s Internal Security Agency (ABW) has published a detailed account of a sustained campaign targeting the country’s water plants, documenting security breaches at five water treatment facilities in 2025. The incidents mark one of the clearest documented cases in Europe of state-linked hackers gaining direct access to industrial control systems managing public water supplies.

The affected facilities were located in Jabłonna Lacka, Szczytno, Małdyty, Tolkmicko, and Sierakowo. In several cases, attackers didn’t just observe, they obtained the ability to modify operational parameters of equipment in real time, creating a direct and concrete risk to the continuity of public water services. A breach of this kind isn’t a data theft. It is the digital equivalent of sabotage.

“In some cases, the attackers gained access to industrial control systems and obtained the capability to modify device operating parameters.” reads the report published by ABW. “This created a direct threat to the continuity of water supply processes and the proper functioning of municipal infrastructure.”

The attack vectors ABW identified are as unglamorous as they are alarming: weak password policies and systems left directly exposed to the internet. These are not sophisticated zero-day exploits. They are basic security failures that the OT and ICS security community has been warning about for years.

“The incidents were made possible by inadequate security measures, including weak password policies and the exposure of management interfaces directly to the public internet.” continues the report. “In several cases, systems responsible for operational technology were accessible without sufficient protection mechanisms.”

The attribution points firmly eastward. ABW identified Russian APT groups APT28 and APT29, the same actors linked to election interference across Europe and the SolarWinds supply chain attack, as well as UNC1151, a Belarusian-aligned group previously connected to the Ghostwriter operation targeting NATO countries.

“APT28, APT29 and UNC1151 are among the most active state-linked cyber espionage groups operating against European targets.” concludes the report. “Their activities combine intelligence collection, disruptive cyber operations and coordinated information warfare campaigns.”

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Water Plants)

❌
❌