Poland’s ABW Says Hackers Breached Five Water Treatment Plants in 2025

Poland’s Internal Security Agency (ABW) said it detected attacks on five water treatment plants in 2025, where hackers could have taken control of industrial equipment and, in the worst case, tampered with the safety of the water supply.

“Un grave tentativo di cyberattacco all’infrastruttura energetica nazionale si è verificato a fine dicembre 2025, ha detto il premier Donald Tusk”

Euronews

The targeted facilities were located in Jabłonna Lacka, Szczytno, Małdyty, Tolkmicko, and Sierakowo, and ABW said attackers gained access in some cases to industrial control systems with the ability to alter technical parameters of devices.

Euronews

The ABW report described the risk as “a direct risk” to the continuity of water supply operations, and it said the incidents were part of intensified hostile cyber activity in 2024 and 2025 with “particular emphasis on the special services of the Russian Federation.”

TechCrunch framed the same ABW findings as a threat that could include “tampering with the safety of the water supply,” while also linking Poland’s experience to U.S. water infrastructure threats and the 2021 Oldsmar, Florida attempt to increase sodium hydroxide levels.

SecurityWeek reported that ABW documented direct intrusions into ICS at water treatment facilities across multiple Polish municipalities in 2025, and said attackers obtained the ability to modify operational parameters of equipment in real time.

SecurityWeek also said ABW identified two primary attack vectors enabling these ICS intrusions: weak password policies and systems exposed directly to the internet, and it described these as longstanding OT security hygiene failures.

Gadget Review

The Record from Recorded Future News said ABW did not publicly attribute the incidents to a specific group or country, but it still warned that Poland faced intensified hostile cyber activity with “particular emphasis on the special services of the Russian Federation.”

In contrast, Security Affairs said ABW identified Russian APT groups APT28 and APT29 and Belarusian-aligned UNC1151 as operating against Polish targets, concluding that “APT28, APT29 andUNC1151are among the most active state-linked cyber espionage groups operating against European targets.”

TechCrunch connected the ABW water-plant report to a wider pattern, saying U.S. water utilities remain “a soft target for foreign hackers” after the 2021 Oldsmar, Florida incident involving sodium hydroxide.

“On March 2, CyberArmyofRussia_Reborn published a strange video”

Le Monde.fr

Le Monde described a separate case in France where a Telegram channel called CyberArmyofRussia_Reborn posted a video claiming sabotage of the Courlon-sur-Yonne hydroelectric plant, but Le Monde reported that the hackers had hacked “a mill” instead of the Courlon-sur-Yonne dam.

Euronews, meanwhile, said Polish Prime Minister Donald Tusk told Euronews that a grave cyberattack attempt against Poland’s national energy infrastructure at the end of December 2025 could have left “fino a mezzo milione di utenti” without heating if it had succeeded.

Euronews also quoted Dorota Kwaśniewska saying “Il sistema di cybersicurezza per l’infrastruttura energetica ha funzionato efficacemente durante gli attacchi di dicembre,” while TechCrunch warned that the ABW report’s most serious challenge remained sabotage “inspired and organized by Russian intelligence services,” requiring “full mobilization.”