A suspected pro-Russian hacker group attempted to disrupt operations at a thermal power plant in western Sweden in the spring of 2023, according to **Carl-Oskar Bohlin**, Sweden’s minister for civil defense. During a press conference in Stockholm, Bohlin stated that the attempted intrusion was unsuccessful due to the facility’s built-in security protections. The specific plant targeted was not disclosed. The incident is under investigation by Sweden's security service, which has identified alleged perpetrators believed to have links to Russian intelligence services. ### Escalating Cyber Threats in Europe The incident aligns with a pattern of cyber activity targeting the energy sector across Europe. Similar attempts have been recorded in neighboring Norway and Denmark, with Poland experiencing a larger-scale attack. European officials have increasingly warned about **Russia**-linked cyber operations targeting critical infrastructure, particularly in countries supporting **Ukraine**. According to Swedish officials, the operation reflects a shift in tactics by pro-Russian hacker groups, which previously focused primarily on denial-of-service attacks. "These groups that once carried out denial-of-service attacks are now attempting destructive cyberattacks against organizations in Europe," Bohlin said. ### Targeting Operational Technology The attempted intrusion targeted an operational technology (OT) system, the industrial software that controls physical infrastructure such as power plants, water facilities, and manufacturing equipment. "If these systems are disrupted, destroyed, or remotely controlled by a threat actor, the consequences for society can be significant," Bohlin warned. Last year, **Poland** reported that its power grid had been targeted by the **Sandworm** hacking group in an attack that used data-wiping malware. **Ukraine** has also reported persistent cyber operations against its energy sector, with recent intrusions focused on gathering intelligence for potential missile strikes. In a joint advisory last year, U.S. authorities warned that several Russian government-backed groups — including CyberArmyofRussia_Reborn and NoName057(16) — have been targeting Western infrastructure operators in sectors such as energy, water, and food production.