securityaffairs.com 5/8/2026, 7:31:38 PM · via preferred

Polish water plants breached by Russian APT via weak passwords

Primary Source abw.gov.pl

According to ABW, Poland’s Internal Security Agency, hackers breached ICS at five water treatment plants in 2025, marking one of Europe’s clearest state-linked incursions into industrial control systems managing public water supplies. The affected sites were located in Jabłonna Lacka, Szczytno, Małdyty, Tolkmicko, and Sierakowo, where attackers gained the ability to alter operational parameters in real time, threatening the continuity of water services.

The report emphasises that the intrusions relied not on sophisticated zero-days but on security failures: weak password policies and management interfaces exposed directly to the internet gave the attackers access to OT and ICS environments. Attribution points east, with ABW identifying Russian APT groups APT28 and APT29, along with UNC1151, a Belarusian-aligned group linked to Ghostwriter, as among the most active state-linked actors operating against European targets.

The incident is described as digital sabotage rather than data theft, underscoring broader concerns about basic cyber hygiene in critical infrastructure. The piece was published on 8 May 2026.


Article by CyberSIXT