ACCORDING to ABW, Poland’s Internal Security Agency, there was a significant escalation in cyberattacks on industrial control systems and other OT infrastructure targeting the water sector during 2024 and 2025, with attackers sometimes gaining access to ICS at water treatment facilities and even obtaining the ability to modify equipment parameters, posing a direct risk to public water supply.
In 2025, the agency recorded security breaches at water treatment stations in Jabłonna Lacka, Szczytno, Małdyty, Tolkmicko, and Sierakowo, with intrusions enabling manipulation of operational parameters in some cases. The report identified two primary attack vectors: weak password policies and systems directly exposed to the internet, described as longstanding OT security hygiene failures that were also leveraged in a Russia-linked attack on Polish energy facilities.
ABW attributed primary responsibility to hacktivist groups, though these are often personas used by foreign governments, particularly Russian intelligence services; the report also names Russian APT groups such as APT28 and APT29, and Belarusian-linked UNC1151 as operating against Polish targets. An August 2025 disclosure noted that a cyberattack could have caused a city to lose its water supply, but it was thwarted.