## Cyberattacks Target Polish Water Treatment Facilities A recent public report by the **ABW** details cyber intrusions into water treatment plants in Jabłonna Lacka, Szczytno, Małdyty, Tolkmicko, and Sierakowo. Attackers successfully accessed industrial control systems, potentially enabling them to manipulate critical technical parameters and disrupt water supplies. According to the report, "Attackers, gaining access in some cases to industrial control systems, had the ability to alter technical parameters of devices," creating “a direct risk” to the continuity of water supply operations. ## Allegations of Russian Involvement While the **ABW** refrained from directly attributing the attacks to a specific group or nation, the report emphasizes heightened hostile cyber activity targeting Poland, particularly from the "special services of the Russian Federation." This aligns with Poland's increasing role as a logistics hub for Western military aid to Ukraine and its repeated accusations against Russian intelligence for sabotage, cyberattacks, and disinformation campaigns. Previously, **CyberDefence24**, a Polish cybersecurity publication, connected some of these water facility incidents to a pro-Russian hacktivist group known for posting propaganda videos of their intrusions. They reported instances of attackers altering pump and alarm settings after compromising administrator accounts. ## Broader Campaign to Destabilize NATO and the EU The **ABW** report paints a picture of a long-term Russian campaign aimed at destabilizing **NATO** and **European Union** member states. This includes large-scale reconnaissance activities targeting military sites, critical infrastructure, and public facilities within Poland. Incidents such as the hacking of the national railway's communications network and an outage of the country's air traffic control system have fueled concerns about Russian attempts to disrupt daily life in Poland. ## Evolving Tactics and Increased Espionage The report highlights a shift in Russian tactics, moving from loosely recruited online operatives to more structured networks linked to organized crime. Recruiters are reportedly using encrypted messaging platforms and cryptocurrency payments to hire individuals for tasks often disguised as ordinary work. The **ABW** also reported a significant surge in espionage investigations, largely attributed to Russia and Belarus. The number of opened espionage investigations jumped from six in 2022 to 48 in 2025. The agency warned that Russian intelligence services are increasingly willing to accept civilian casualties in sabotage operations, potentially leading to rail or aviation disasters. ## Poland's Response Poland has responded to these threats through arrests, expulsions, and diplomatic measures, including the closure of three Russian consulates since late 2024. **Col. Rafał Syrysko**, the chief of the **ABW**, announced the agency's intention to resume regular public reporting on national security threats, marking the first such summary since 2014.