What's Happening?
Poland's Internal Security Agency (ABW) has reported a significant increase in cyberattacks targeting industrial control systems (ICS) at water treatment facilities across the country. In 2025, breaches
were recorded at stations in Jabłonna Lacka, Szczytno, Małdyty, Tolkmicko, and Sierakowo. Attackers gained access to modify operational parameters, posing risks to water supply continuity. The report identifies weak password policies and internet-exposed systems as primary vulnerabilities. These attacks are attributed to hacktivist groups, often linked to Russian intelligence services, including APT28 and APT29. The report also notes increased attacks on supply chains and other critical infrastructure.
Why It's Important?
The cyberattacks on Poland's water treatment facilities underscore the growing threat to critical infrastructure from state-sponsored actors. Such vulnerabilities can lead to severe disruptions in essential services, affecting public safety and national security. The incidents highlight the need for improved cybersecurity measures in operational technology environments, which are often less protected than traditional IT systems. The attribution to Russian-linked groups suggests geopolitical tensions and the use of cyber warfare as a tool for statecraft. This situation serves as a warning to other nations about the importance of securing critical infrastructure against sophisticated cyber threats.
What's Next?
Poland is likely to enhance its cybersecurity protocols and invest in better protection for its critical infrastructure. This may include stricter password policies, reducing internet exposure of sensitive systems, and increased collaboration with international partners to counter cyber threats. The situation could prompt other countries to reassess their own vulnerabilities and strengthen defenses against similar attacks. Additionally, diplomatic tensions may rise as Poland and its allies address the involvement of Russian-linked groups in these cyber activities.
