Poland says hackers breached water therapy vegetation, and the U.S. is dealing with the identical risk

Poland’s intelligence service said it detected attacks on five water treatment plants where hackers could have taken control of the industrial equipment inside, including, in the worst case, tampering with the safety of the water supply.

The story is relevant beyond Poland’s borders: U.S. water infrastructure has faced similar threats in recent years. In 2021, a hacker briefly gained access to a water treatment plant in Oldsmar, Florida and attempted to increase the level of sodium hydroxide — a caustic chemical — to dangerous levels. The FBI and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) have since warned that water utilities remain a soft target for foreign hackers.

On Friday, Poland’s Internal Security Agency, the country’s top intelligence agency, published a report covering the last two years of the agency’s operations and threats the country faced. The report said Polish intelligence thwarted multiple acts of sabotage from Russian government spies and hackers, who targeted military facilities, critical infrastructure (essential systems such as power grids, water supplies, and transportation networks), as well as civilian targets. These attacks, according to the report, may have resulted in fatalities.  

“The most serious challenge remains the sabotage activity against Poland, inspired and organized by Russian intelligence services. This threat was (and is) real and immediate. It requires full mobilization,” read the report.

The report did not specify whether the hackers behind the attacks on the water treatment facilities were Russian government spies. But Poland has recently been the target of several attempts by Russian government hackers to attack its infrastructure, including a failed attempt to bring down the country’s energy grid. That breach was later attributed to poor security controls at the targeted facilities.

Poland’s experience is part of a growing global pattern of attacks on water and energy infrastructure. As recently as last month, a joint advisory from the Cybersecurity and Infrastructure Security Agency, the FBI, the NSA, and several other federal agencies warned that Iranian-backed hackers are actively targeting programmable logic controllers — the industrial computers that run water and energy facilities — at U.S. utilities. The same Iranian hacking group, CyberAv3ngers, previously broke into digital control panels at multiple U.S. water treatment plants in Pennsylvania in 2023, in attacks that federal agencies linked to escalating hostilities in the Middle East.

In other words, the attacks against Poland are not unique, they follow a strategy that the Russian government is applying both in war zones such as Ukraine, as well as against Western countries that it sees as longstanding enemies. The plan, according to Polish intelligence, is to destabilize and weaken the West, and cyberattacks and cyberespionage are just tools in a larger toolkit for Putin’s regime.