Poland warns of cyberattacks on water plants as similar threats grow in the US

Poland’s intelligence agency has revealed that hackers targeted five water treatment facilities in the country in attacks that could have allowed intruders to take control of industrial systems and potentially interfere with water safety operations. The warning comes as governments around the world continue to face growing cyber threats against critical infrastructure, particularly water and energy systems.

In a report published Friday, Poland’s Internal Security Agency outlined a range of security threats and operations carried out over the past two years. The agency said it had disrupted multiple sabotage attempts linked to Russian intelligence services and associated hackers targeting military sites, civilian infrastructure, and essential public systems.

According to the report, the attacks included efforts targeting water treatment plants, where hackers may have gained access to industrial control equipment used to manage facility operations.

Officials warned that, in a worst-case scenario, such access could have enabled attackers to compromise the safety and quality of the water supply.

“The most serious challenge remains the sabotage activity against Poland, inspired and organised by Russian intelligence services,” the report stated. “This threat was (and is) real and immediate. It requires full mobilisation.”

The agency did not directly confirm whether the hackers involved in the water plant attacks were connected to Russia. However, Poland has increasingly become a target of cyber operations linked to Russian state-backed groups, particularly since the war in Ukraine intensified regional tensions.

The report also referenced earlier cyber incidents aimed at disrupting Poland’s energy infrastructure, including a failed attack on the country’s power grid. Authorities later determined that weak security controls at affected facilities contributed to the vulnerability. The situation in Poland reflects a broader global trend in which water and utility infrastructure are becoming a frequent target of cyberattacks.

The United States has faced similar incidents in recent years. In 2021, hackers briefly gained remote access to a water treatment facility in Oldsmar, Florida, and attempted to raise sodium hydroxide levels in the water system to dangerous amounts. Sodium hydroxide is a highly caustic chemical commonly used in water treatment.

Following that incident, the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) warned that many water utilities in the U.S. remained vulnerable because of outdated systems and weak cybersecurity protections.

More recently, federal agencies in the U.S. issued another warning about cyber threats against industrial control systems. Last month, CISA, the FBI, the NSA, and several other agencies released a joint advisory stating that Iranian-backed hackers were actively targeting programmable logic controllers, or PLCs, which are industrial computers used to operate water and energy facilities. The advisory referenced activity linked to the Iranian hacking group CyberAv3ngers, which previously breached digital control systems at several water treatment facilities in Pennsylvania in 2023. U.S. authorities connected those attacks to escalating tensions in the Middle East.

Security analysts say the attacks against Poland fit into a wider strategy increasingly used by hostile governments and cyber groups to destabilise infrastructure in Western countries. Polish intelligence officials warned that cyberattacks and cyberespionage are being used alongside broader sabotage efforts to weaken public trust and disrupt essential services.

The agency said such threats remain ongoing and require constant monitoring and defensive measures, especially as industrial systems connected to water, power, and transportation networks become increasingly digitally connected and exposed to cyber risks.