Pro-Russian Hackers Targeted Swedish Power Plant in 2025 Cyberattack
In spring 2025, a suspected pro-Russian hacker group attempted to disrupt operations at a thermal power plant in western Sweden, according to Swedish Minister for Civil Defense Carl-Oskar Bohlin. The attack, which targeted the plant’s operational technology (OT) systems, the industrial software controlling critical infrastructure, was thwarted by the facility’s built-in security measures.
Sweden’s security service linked the perpetrators to Russian intelligence services, aligning with a broader pattern of cyber threats against Europe’s energy sector. Similar incidents have been reported in Norway, Denmark, and Poland, where a Russia-affiliated group, Sandworm, deployed data-wiping malware in an attack on the power grid last year, risking widespread blackouts.
Bohlin noted a tactical shift among pro-Russian hackers, who have moved from denial-of-service attacks to more destructive cyber operations. The incident underscores growing concerns over Russian cyber activity targeting critical infrastructure in nations supporting Ukraine. U.S. authorities have also warned of Russian-backed groups, including CyberArmyofRussia_Reborn and NoName057(16), targeting energy, water, and food production sectors across the West.
While Ukraine has faced persistent cyberattacks on its energy infrastructure, recent intrusions appear focused on intelligence gathering to support missile strikes rather than immediate disruptions. The Swedish case highlights the escalating threat to industrial control systems, where successful breaches could have severe societal consequences.
Source: https://therecord.media/sweden-hackers-russia-power-plant
Blykalla cybersecurity rating report: https://www.rankiteo.com/company/blykalla
{
  "id": "BLY1776263363",
  "linkid": "blykalla",
  "type": "Cyber Attack",
  "date": "3/2025",
  "severity": "100",
  "impact": "7",
  "explanation": "Attack that could injure or kill people"
}
{'affected_entities': [{'industry': 'Energy',
                        'location': 'Western Sweden',
                        'type': 'Thermal Power Plant'}],
 'attack_vector': 'Operational Technology (OT) systems',
 'date_detected': '2025-03-01',
 'date_publicly_disclosed': '2025-03-01',
 'description': 'In spring 2025, a suspected pro-Russian hacker group '
                'attempted to disrupt operations at a thermal power plant in '
                'western Sweden by targeting the plant’s operational '
                'technology (OT) systems industrial software controlling '
                'critical infrastructure. The attack was thwarted by the '
                'facility’s built-in security measures.',
 'impact': {'operational_impact': 'Potential disruption of power plant '
                                  'operations',
            'systems_affected': 'Operational Technology (OT) systems, '
                                'industrial software'},
 'investigation_status': 'Ongoing',
 'lessons_learned': 'The incident underscores growing concerns over Russian '
                    'cyber activity targeting critical infrastructure in '
                    'nations supporting Ukraine. There is a tactical shift '
                    'among pro-Russian hackers from denial-of-service attacks '
                    'to more destructive cyber operations.',
 'motivation': 'Disruption of critical infrastructure, intelligence gathering',
 'post_incident_analysis': {'root_causes': 'Pro-Russian hacker group linked to '
                                           'Russian intelligence services '
                                           'targeting critical infrastructure'},
 'references': [{'source': 'Swedish Minister for Civil Defense Carl-Oskar '
                           'Bohlin'}],
 'response': {'containment_measures': 'Built-in security measures',
              'incident_response_plan_activated': 'Yes'},
 'threat_actor': 'Pro-Russian hacker group linked to Russian intelligence '
                 'services',
 'title': 'Pro-Russian Hackers Targeted Swedish Power Plant in 2025 '
          'Cyberattack',
 'type': 'Cyberattack on Critical Infrastructure'}