In April 2025, pro-Russian hackers breached the **Lake Risevatnet dam** in Bremanger, Norway, by exploiting a weak password in its web-accessible control system. The attackers remotely opened a water valve, releasing **500 liters per second for four hours** before detection. While no injuries or structural damage occurred, the incident exposed critical vulnerabilities in Norway’s infrastructure, amplifying public fear as part of Russia’s **hybrid warfare campaign** targeting Europe. A pro-Russian group later posted a video on Telegram claiming responsibility, showcasing the dam’s control panel. Norwegian authorities, including the **Police Security Service (PST)**, linked the attack to broader Russian efforts to destabilize Western nations through cyber means. The breach underscored systemic risks in **industrial control systems (ICS)**, with 73% of such systems in Europe and the U.S. reported as vulnerable in 2024. Though the physical impact was minimal, the attack demonstrated the potential for **disruption of essential services** and psychological manipulation, aligning with Russia’s strategy of sowing chaos without direct military confrontation.
Source: https://hackread.com/norway-blames-pro-russian-hackers-for-dam-cyberattack/
TPRM report: https://www.rankiteo.com/company/sognogfjordaneenergi
{
  "id": "sog731081425",
  "linkid": "sognogfjordaneenergi",
  "type": "Cyber Attack",
  "date": "8/2025",
  "severity": "100",
  "impact": "7",
  "explanation": "Attack that could injure or kill people"
}
{
    'affected_entities': [
        {
            'industry': 'Water Management / Critical Infrastructure',
            'location': 'Bremanger, Norway',
            'name': 'Bremanger Municipality (Lake Risevatnet Dam)',
            'type': 'Government (Municipal Infrastructure)',
        },
    ],
    'attack_vector': [
        'Weak Password Exploitation',
        'Remote Access Exploitation',
        'Web-Accessible Control Panel',
    ],
    'date_detected': '2025-04',
    'date_publicly_disclosed': '2025-06',
    'date_resolved': '2025-04',
    'description': 'Norwegian authorities have officially blamed pro-Russian hackers for a cyberattack on the Lake Risevatnet dam in Bremanger municipality in April 2025. The attackers exploited a weak password in the dam’s remote-control system, opening a water valve for four hours and releasing 500 liters of water per second. The incident was part of a broader hybrid warfare campaign by Russia, aimed at causing fear and chaos. A pro-Russian cyber group posted a video on Telegram taking credit for the attack. The breach highlighted critical vulnerabilities in industrial control systems (ICS) and was linked to a wider pattern of over 70 incidents across Europe attributed to Russia.',
    'impact': {
        'brand_reputation_impact': [
            'Highlighted Security Vulnerabilities in Critical Infrastructure',
            'Public Fear and Distrust in Infrastructure Security',
        ],
        'downtime': '4 hours (water valve left open)',
        'operational_impact': [
            'Uncontrolled Water Release (500 liters/second)',
            'Temporary Loss of Control Over Dam Operations',
        ],
        'systems_affected': [
            'Dam Control System (Lake Risevatnet)',
            'Remote-Control Panel',
        ],
    },
    'initial_access_broker': {
        'entry_point': 'Web-Accessible Control Panel with Weak Password',
        'high_value_targets': [
            'Critical Infrastructure (Dams, Water Systems)',
            'Operational Technology (OT) Networks',
        ],
    },
    'investigation_status': 'Ongoing (Attribution to pro-Russian hackers confirmed by Norwegian authorities; Russian government denies involvement)',
    'lessons_learned': [
        'Critical infrastructure systems with web-accessible control panels are high-value targets for state-backed actors.',
        'Weak passwords in operational technology (OT) environments can lead to severe physical consequences, even without advanced cyber techniques.',
        'Hybrid warfare tactics increasingly leverage cyberattacks to create psychological effects (fear, chaos) rather than direct physical destruction.',
        'Proactive monitoring and public-private threat intelligence sharing are essential to counter state-sponsored cyber threats.',
        'Multi-factor authentication (MFA) and network segmentation should be mandatory for all critical infrastructure systems.',
    ],
    'motivation': [
        'Hybrid Warfare',
        'Psychological Impact (Fear and Chaos)',
        'Demonstration of Capabilities',
        'Geopolitical Influence',
    ],
    'post_incident_analysis': {
        'corrective_actions': [
            'Norwegian government mandated password policy updates for all municipal critical infrastructure.',
            'PST recommended disconnecting non-essential OT systems from the internet.',
            'Increased collaboration between Norway’s cybersecurity agency (NSM) and municipalities for threat intelligence sharing.',
            'Plans to deploy behavioral analytics for ICS/OT environments to detect unauthorized access.',
        ],
        'root_causes': [
            'Use of default or weak passwords for critical infrastructure control systems.',
            'Lack of network segmentation between OT and IT systems.',
            'Insufficient monitoring of remote-access logs for anomalous activity.',
            'Geopolitical tensions increasing the likelihood of state-sponsored cyber-physical attacks.',
        ],
    },
    'recommendations': [
        'Implement MFA for all remote-accessible control systems in critical infrastructure.',
        'Conduct regular vulnerability assessments for industrial control systems (ICS) and operational technology (OT).',
        'Isolate OT networks from the internet or place them behind robust firewalls with strict access controls.',
        'Establish real-time monitoring for anomalous behavior in dam and water management systems.',
        'Develop cross-border cybersecurity cooperation to counter hybrid warfare campaigns targeting Europe.',
        'Enhance public awareness campaigns about the risks of cyber-physical attacks on critical infrastructure.',
        'Mandate cybersecurity audits for municipalities managing dams, water facilities, and other high-risk infrastructure.',
    ],
    'references': [
        {
            'date_accessed': '2025-06',
            'source': 'Hackread.com',
            'url': 'https://www.hackread.com/norway-russia-hackers-dam-bremanger/',
        },
        {
            'date_accessed': '2025-06',
            'source': 'VG.no (Norwegian News)',
            'url': 'https://www.vg.no',
        },
        {
            'date_accessed': '2025-06',
            'source': 'Associated Press (AP)',
            'url': 'https://apnews.com/hub/russia-ukraine',
        },
        {
            'date_accessed': '2025-06',
            'source': 'Norwegian Police Security Service (PST) Public Statement',
        },
    ],
    'response': {
        'communication_strategy': [
            'Public Disclosure by Norwegian Police Security Service (PST)',
            'Media Coverage (Hackread.com, Associated Press)',
        ],
        'containment_measures': [
            'Manual Shutdown of Water Valve',
            'Disconnection of Compromised Control Panel',
        ],
        'incident_response_plan_activated': True,
        'law_enforcement_notified': True,
        'recovery_measures': [
            'Restoration of Dam Control Systems',
            'Password Policy Review',
        ],
    },
    'stakeholder_advisories': [
        'Norwegian government warned municipalities to review cybersecurity measures for critical infrastructure.',
        'Norwegian Intelligence Service (NIS) advised heightened vigilance against Russian hybrid threats.',
    ],
    'threat_actor': [
        'Pro-Russian Hackers',
        'Suspected State-Backed Group (Russia)',
    ],
    'title': 'Pro-Russian Hackers Breach Bremanger Dam in Norway, Open Water Valve for 4 Hours',
    'type': [
        'Cyberattack',
        'Unauthorized Access',
        'Critical Infrastructure Compromise',
        'Hybrid Warfare',
    ],
    'vulnerability_exploited': [
        'Weak Password in Remote-Control System',
        'Lack of Multi-Factor Authentication (MFA)',
        'Exposed Web-Accessible Operational Technology (OT) System',
    ],
}