Poland’s domestic intelligence service confirmed that attackers breached water treatment facilities in five towns in 2025 with industrial control systems compromised in several cases. The attacks disrupted water supplies for thousands of residents and mark a clear escalation in targeting critical infrastructure, according to officials from the ABW internal security agency and CERT Polska.
The intelligence service reported that cyber threats against Poland intensified sharply over the past two years with more than 40,000 potential cybersecurity incidents recorded during the reporting period. Poland now faces between 20 and 50 cyberattacks on critical infrastructure daily, most targeting hospitals and municipal water systems according to Deputy Minister for Digital Affairs Dariusz Standerski.
One Attack Cut Water for Six Hours
CERT Polska head Marcin Dudek confirmed that one water treatment plant attack involved changing pump settings which “led to the depletion of resources in the tank and consequently caused an interruption in water supply.” The incident cut water for approximately 2,500 residents for six hours, the most severe operational impact documented so far.
The attacks demonstrate “the plausibility of interference with real-world hydraulic parameters,” according to West Point’s Lieber Institute analysis. Most involved low-to-mid-level compromises where attackers accessed SCADA panels, tweaked operational settings and posted video evidence online for propaganda purposes.
Polish officials consistently point to Russia-aligned activity but stop short of formal attribution. CyberDefence24 linked several incidents to pro-Russian hacktivist groups that posted propaganda videos showing manipulation of water treatment parameters at facilities in Szczytno, Małdyty, Tolkmicko, Sierakowo and Kuźnica.
The Security Gap That Makes This Possible
Most breaches exploited weak authentication including passwords like “111111” and “123456” protected industrial control systems. Dudek explained that many facilities were built under maintenance contracts that expired without cybersecurity provisions, leaving municipalities unable to afford security upgrades from original vendors.
This is not sophisticated espionage. The August attack that nearly cut water to one of Poland’s 10 largest cities succeeded through basic social engineering and exposed network access, not advanced persistent threat techniques. Such incidents highlight structural vulnerabilities rather than zero-day exploits.
Polish Deputy Prime Minister Krzysztof Gawkowski captured the shift in modern conflict, “No Russian planes will fly into Warsaw nor will tanks roll in, instead their digital counterparts will appear.” The timing matters as many attacks coincided with extreme weather when heating systems and public services were under maximum strain.
The €1 Billion Response
Poland allocated €80 million this month specifically to strengthen water management cybersecurity as part of raising the national cybersecurity budget from €600 million in 2024 to €1 billion in 2026. Four major water utilities including MPWiK Warszawa, MPWiK Wrocław, Aquanet Poznań and Kraków City Waterworks, launched the “ISAC Wod-Kan” information sharing platform in September.
CERT Polska now handles over 1,800 incident reports daily with 260,000 unique security incidents recorded in 2025, a 152% increase from the previous year. The government claims a 99% success rate in thwarting attacks on critical infrastructure though several hospital breaches forced temporary shutdowns.
The question remains whether Poland’s accelerated investment will close the gap before attackers move beyond propaganda stunts to sustained service disruption. Water systems face structural challenges such as legacy control networks, 24/7 availability requirements and limited patching windows that money alone cannot solve quickly.
References
- Polish intelligence warns hackers attacked water treatment control systems
- When Red Lines Cross Blue Lines: Cyber Attacks on Poland’s Water Infrastructure
- Ataki na wodociągi. Szef CERT Polska o realnych skutkach
- Poland faces record wave of Russian cyber sabotage, sets €1 billion defense budget
- Water Systems Under Attack: Norway, Poland Blame Russia Actors
This post is also available in:
Svenska
Related News
South Staffordshire Water Fined £964,000 After Hackers Lurked Undetected for Two Years
The Information Commissioner's Office fined South Staffordshire Water £963,900 on Monday after the Cl0p ransomware group remained inside its network for nearly two years, exposing…
May 12, 2026 
Europol Warns Middle East Conflict Raises EU Terror Threat
March 10, 2026