Russian Hackers Are Targeting Water and Power Systems Across Poland

Martin Holloway | Published 8h ago | 5 min read | Based on 12 sources

Poland's intelligence agency has revealed that Russian state-sponsored hackers have successfully broken into water treatment facilities and power systems across the country during 2024 and 2025. This is not just spying — the hackers have gained the ability to directly control critical equipment.

The 2025 special edition report from the agency, known as the ABW, documents successful intrusions into water treatment plants in five Polish towns: Jabłonna Lacka, Szczytno, Małdyty, Tolkmicko, and Sierakowo. In each case, the hackers reached the control systems—the computerized equipment that actually runs the facilities. They gained the ability to change how these systems operate, which could disrupt water supply to entire communities.

This is a step beyond what hackers normally do. Usually, they try to steal information or plant malware that stays hidden. Here, the attackers have positioned themselves to actually manipulate the machinery that millions of people depend on daily.

How Russia Is Waging This Campaign

Poland's intelligence agency describes Russian operations as far more complex than simple computer attacks. Russia uses multiple approaches at once: state-backed hackers, activist groups, criminal gangs, and large-scale propaganda campaigns that portray Poland and the West as threats.

In the Baltic Sea region, the campaign has expanded to include drones and other automated systems. This represents an evolution in how Russia conducts what intelligence analysts call "hybrid warfare"—a combination of military, cyber, information, and criminal tactics working together.

This pattern is not entirely new. During the Cold War in the 1980s, Soviet intelligence services used multiple layers of attack—technical espionage, propaganda, and proxy groups. What has changed is the scale and sophistication. Today's attacks operate at a speed and complexity that would have been impossible before the internet.

Why Water Systems Are Vulnerable

The successful hacking of Polish water facilities reveals a widespread problem: many of these systems were built to be reliable, not secure. Water treatment plants use specialized computers called industrial control systems—think of them as the brains and hands of the facility, directly operating pumps, valves, and chemical dosing equipment.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) documented a similar attack in November 2023 on American water facilities. In those cases, hackers used weak passwords and the fact that some control systems were directly connected to the internet. Once inside, they could change settings or disrupt operations.

Russian military hackers have used a playbook for these attacks: they first break into smaller facilities or supply company networks, set up secret accounts for themselves, and install hidden files. This gives them a foothold. They then use that access to move deeper into the network toward bigger targets like power plants.

The Scope Goes Beyond Poland

Russian military intelligence has also targeted Western companies that ship supplies to Ukraine, according to the U.S. National Security Agency. The attackers tried to access security cameras near the Ukrainian border and broke into defense, transportation, and logistics companies across multiple countries.

The campaign extends to the United States. In Muleshoe, Texas, hackers broke into a water system in a way that caused it to overflow, affecting roughly 5,000 residents. U.S. cybersecurity researchers linked this to Russian military hackers, suggesting coordination between official intelligence services and independent hacker groups.

In Poland, officials have attributed additional attacks to Russian intelligence agencies. In December, hackers struck 30 renewable energy facilities across the country. Poland's Deputy Prime Minister called the situation an ongoing cyberwar and announced in August that the country had stopped a major attack on a large city's water and sewage system.

What This Means

The attacks demonstrate that Russian hackers can do more than spy. They have proven they can access the machinery that keeps cities running. This shifts the threat from information theft to potential disruption of essential services—water, electricity, heating.

The pattern of activity suggests this is not random. State-sponsored hackers are working alongside independent hacker groups and activists in what appears to be a coordinated campaign. Using independent groups may give Russia a way to deny responsibility while still achieving military or political goals.

What matters for defense is this: traditional computer security—firewalls, passwords, antivirus software—is not enough when attackers are this organized and sophisticated. Infrastructure systems need multiple layers of protection, including monitoring for unusual behavior, isolating critical equipment from the internet, and preparing for attacks that might come through trusted business partners or communications channels.

Looking ahead, as attackers add drones and automated systems to their toolkit, and as they become harder to trace back to Russia, infrastructure operators will face increasingly complex challenges. Organizations managing water, power, and other essential services need to prepare for adversaries that combine cyber tactics, physical threats, and information campaigns all at once.