Poland is grappling with a surge of cyberattacks targeting its industrial control systems (ICS) and operational technology (OT) infrastructure, particularly impacting water treatment facilities. The nation’s Internal Security Agency (ABW) has reported a significant increase in these incidents during 2024 and 2025, with state-sponsored attackers focusing on disrupting essential services.
Escalating Threats to Water Infrastructure
In August 2025, a Polish official disclosed a thwarted cyberattack that could have disrupted a city’s water supply. While technical specifics were not provided at the time, new insights from ABW detail these threats. The agency’s latest report, published in Polish, emphasizes the vulnerabilities within the country’s water sector.
According to ABW, the most concerning breaches involved direct intrusions into ICS at various water treatment plants in municipalities such as Jabłonna Lacka, Szczytno, Małdyty, Tolkmicko, and Sierakowo. In these cases, attackers managed to access systems, potentially altering equipment parameters and threatening both operational continuity and public water safety.
Identifying Key Vulnerabilities
The recent breaches highlight two primary vulnerabilities: weak password policies and systems exposed to the internet. These longstanding security issues have also been exploited in a recent Russia-linked attack on Poland’s energy facilities. Beyond water systems, ABW has observed an uptick in attacks on supply chains and other critical infrastructure, including wastewater and waste incineration utilities.
Attackers are particularly interested in acquiring contract data, project documentation, and authentication credentials, which could allow further system access. These breaches underscore the urgent need for improved cybersecurity measures across all critical infrastructure sectors.
Attribution and Implications
The ABW attributes most of these cyber incursions to hacktivist groups, often acting under the guise of foreign governments, notably Russian intelligence. The report names Russian APT groups such as APT28 and APT29, alongside Belarusian-linked UNC1151, as key players targeting Polish infrastructure.
These ongoing threats pose a pressing challenge for Poland’s national security and highlight the importance of strengthening cybersecurity defenses to protect critical infrastructure. As the threat of cyberattacks persists, Poland must focus on enhancing its security protocols to safeguard its essential services.
Looking ahead, it is crucial for Polish authorities to remain vigilant and proactive in their cybersecurity efforts to mitigate potential disruptions to vital public services.
