Russian Hackers Attack Hydroelectric Power Plant in Poland

Polish industrial control systems (ICS/OT), which manage critical infrastructure, are regularly targeted by Russian hacktivists. This time, a hydroelectric power plant was attacked.

This was reported by the CyberDefence24.

In August, Russian hacktivists again targeted a small hydroelectric power plant in the Pomeranian Voivodeship, near Gdansk.

Over the past few months, the CyberDefence24 has reported attacks on:

• water treatment plant in Szczytno (May 2025);
• water treatment plants in Maldyty, Tolkmiczko, Sieraków (April 2025);
• wastewater treatment plants in Witków (April 2025);
• wastewater treatment plants in Kużnica (October 2024);
• pools and fountains (August 2025);
• a small hydroelectric power plant in the Pomeranian Voivodeship (May 2025).

On August 12, pro-Russian hacktivists published a recording of a repeated attack at the same power plant. As in most attacks, they set operational parameters to the minimum or maximum values, causing the generator and rotor to stop.

“Footage from August showed manipulation of the parameters of an operating power plant, which is alarming from the perspective of energy security,” the publication noted.

In August, Deputy Prime Minister of Poland Krzysztof Gawkowski reported that authorities had prevented a cyberattack on the water supply system in a major city, which could have cut off residents’ access to water.

“We managed to stop the attack at the last minute, so our services learned about it just as it was starting,” he told Onet Rano.

Earlier in August, it was reported that the Russian hacker group Secret Blizzard (a unit of the 16th FSB Center) had been infecting devices used by diplomatic staff connected to Russian Internet providers with the ApolloShadow spyware.

According to Microsoft, the Russian intelligence campaign has been ongoing since 2024, targeting foreign embassies, diplomatic institutions, and other sensitive organizations in Moscow.

ApolloShadow disguises itself as antivirus software and forges root certificates, allowing it to intercept and modify even encrypted data traffic.

The program can also collect logins, passwords, authentication tokens, and other sensitive information, and create accounts with administrator privileges. This gives hackers persistent access to infected devices and enables covert surveillance.