Poland says hackers breached water treatment plants, and the U.S. is facing the same threat
Source: TechCrunch
Poland’s intelligence service detected attacks on five water‑treatment plants, where hackers could have taken control of industrial equipment and, in the worst case, tampered with the safety of the water supply.
U.S. Water‑Infrastructure Threats
In 2021, a hacker briefly accessed a water‑treatment plant in Oldsmar, Florida and attempted to raise the level of sodium hydroxide—a caustic chemical—to dangerous concentrations. Since then, the FBI and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) have warned that water utilities remain a soft target for foreign hackers.
Poland’s Internal Security Agency Report
On Friday, Poland’s Internal Security Agency (the country’s top intelligence agency) published a report covering the last two years of operations and threats. The report states that Polish intelligence thwarted multiple sabotage attempts by Russian government spies and hackers targeting:
- Military facilities
- Critical infrastructure (power grids, water supplies, transportation networks)
- Civilian targets
“The most serious challenge remains the sabotage activity against Poland, inspired and organized by Russian intelligence services. This threat was (and is) real and immediate. It requires full mobilization,” the report reads.
The report did not specify whether the water‑treatment plant attackers were Russian spies, but Poland has recently faced several Russian‑government‑linked attempts, including a failed effort to bring down the country’s energy grid. That breach was later attributed to poor security controls at the targeted facilities.
Global Pattern of Attacks on Water and Energy Infrastructure
A joint advisory from CISA, the FBI, the NSA, and other federal agencies warned that Iranian‑backed hackers are actively targeting programmable logic controllers—the industrial computers that run water and energy facilities—at U.S. utilities. The same Iranian group, CyberAv3ngers, previously breached digital control panels at multiple U.S. water‑treatment plants in Pennsylvania in 2023, an activity linked to escalating hostilities in the Middle East.
Strategic Context
The attacks against Poland are not isolated incidents. They reflect a broader strategy employed by the Russian government both in war zones such as Ukraine and against Western nations it perceives as long‑standing adversaries. According to Polish intelligence, the goal is to destabilize and weaken the West, using cyberattacks and cyber‑espionage as tools within a larger geopolitical toolkit.