Poland warns of cyberattacks targeting water treatment facilities

According to SecurityWeek, Poland’s Internal Security Agency (ABW) warned in a recent report about a significant rise in cyberattacks targeting industrial control systems and OT infrastructure, particularly within the water supply sector during 2024 and 2025. The report states that water treatment facilities in several Polish municipalities, including Jabłonna Lacka, Szczytno, Małdyty, Tolkmicko, and Sierakowo, were compromised.

In several incidents, attackers reportedly gained access to industrial control systems and obtained the ability to alter operational equipment parameters, creating risks for operational continuity and public water supply safety. ABW identified weak password practices and internet-exposed systems without adequate protection as the main factors enabling the intrusions.

The report warns that cyberattacks are increasingly shifting from data theft toward attempts to physically disrupt critical infrastructure operations. In addition to water systems, authorities also documented attacks targeting wastewater treatment facilities and waste incineration plants.

ABW further noted that supply chain organizations were also targeted, with attackers seeking access to project documentation, contract data, and authentication credentials that could enable deeper access into infrastructure systems. Polish authorities primarily attribute the activity to hacktivist groups linked to foreign governments, specifically naming Russian groups APT28 and APT29, as well as the Belarus-linked UNC1151 actor.