Polish Water Treatment Plants Targeted in Coordinated Cyberattacks
Poland’s Internal Security Agency (ABW) has revealed a sustained campaign of cyberattacks against the country’s critical infrastructure, including water treatment plants, with potential risks to public safety. A recent report documented over 40,000 malicious cyber activities between 2024 and 2025, ranging from espionage to sabotage, many linked to Russian and Belarusian hackers.
The ABW found that hackers breached water treatment facilities in five Polish towns (Jabłonna Lacka, Szczytno, Małdyty, Tolkmicko, and Sierakowo), gaining control of industrial systems. In one incident, a pro-Kremlin hacktivist group compromised the Jabłonna Lacka plant by altering technical parameters, setting critical levels to extremes while disabling alarms. Similar attacks targeted Szczytno and SUW Małdyty, raising concerns about water quality manipulation.
The report highlights a broader pattern of Russian-backed cyber operations against NATO and EU states, with Poland as a primary target. ABW investigations into espionage surged in 2025, with 48 cases opened, up from just six in 2022. Other critical sectors, including military facilities, power grids, and transport networks, have also been hit. In December 2025, Russian hackers launched one of the most severe attacks on Poland’s infrastructure, attempting to disrupt the power grid and communications.
Security experts warn that many industrial control systems remain vulnerable due to poor security practices, such as default passwords, exposed remote management systems, and unsecured internet-facing devices. The ABW emphasized that these attacks are not opportunistic but part of a coordinated intelligence operation, with critical infrastructure as a central focus.
The Polish incidents follow a global trend of escalating cyber threats to water and wastewater systems. In 2024, a Kansas water facility suffered a ransomware attack, while U.S. agencies have repeatedly warned of state-sponsored threats, including Iranian and Chinese hackers targeting similar infrastructure. The ABW’s findings underscore the growing risk of cyber-physical attacks with potentially life-threatening consequences.
Suzu Labs cybersecurity rating report: https://www.rankiteo.com/company/suzu-labs
SmartFlow by Future Processing cybersecurity rating report: https://www.rankiteo.com/company/get-flow
"id": "SUZGET1779121510",
"linkid": "suzu-labs, get-flow",
"type": "Cyber Attack",
"date": "1/2024",
"severity": "100",
"impact": "7",
"explanation": "Attack that could injure or kill people"
{'affected_entities': [{'industry': 'critical infrastructure',
'location': 'Jabłonna Lacka, Poland',
'name': 'Jabłonna Lacka water treatment plant',
'type': 'water treatment facility'},
{'industry': 'critical infrastructure',
'location': 'Szczytno, Poland',
'name': 'Szczytno water treatment plant',
'type': 'water treatment facility'},
{'industry': 'critical infrastructure',
'location': 'Małdyty, Poland',
'name': 'SUW Małdyty water treatment plant',
'type': 'water treatment facility'},
{'industry': 'critical infrastructure',
'location': 'Tolkmicko, Poland',
'name': 'Tolkmicko water treatment plant',
'type': 'water treatment facility'},
{'industry': 'critical infrastructure',
'location': 'Sierakowo, Poland',
'name': 'Sierakowo water treatment plant',
'type': 'water treatment facility'}],
'attack_vector': ['compromised industrial systems',
'exposed remote management systems',
'default passwords'],
'description': 'Poland’s Internal Security Agency (ABW) revealed a sustained '
'campaign of cyberattacks against the country’s critical '
'infrastructure, including water treatment plants, with '
'potential risks to public safety. Over 40,000 malicious cyber '
'activities were documented between 2024 and 2025, many linked '
'to Russian and Belarusian hackers. Hackers breached water '
'treatment facilities in five Polish towns, gaining control of '
'industrial systems and altering technical parameters in some '
'cases.',
'impact': {'operational_impact': 'water quality manipulation, disabled alarms',
'systems_affected': ['water treatment plants',
'industrial control systems']},
'investigation_status': 'ongoing',
'lessons_learned': 'Industrial control systems remain vulnerable due to poor '
'security practices such as default passwords, exposed '
'remote management systems, and unsecured internet-facing '
'devices.',
'motivation': ['intelligence operation',
'disruption of critical infrastructure'],
'post_incident_analysis': {'root_causes': ['poor security practices',
'unsecured internet-facing devices',
'default passwords']},
'references': [{'source': 'Poland’s Internal Security Agency (ABW) report'}],
'threat_actor': ['Russian hackers',
'Belarusian hackers',
'pro-Kremlin hacktivist group'],
'title': 'Polish Water Treatment Plants Targeted in Coordinated Cyberattacks',
'type': ['espionage', 'sabotage'],
'vulnerability_exploited': ['poor security practices',
'unsecured internet-facing devices',
'default passwords']}