Poland’s Internal Security Agency (ABW) disclosed that cyberattacks targeting ICS (industrial control systems) and public infrastructure escalated sharply through 2024 and 2025, with several incidents coming close to causing real-world disruption to essential services. In its newly published annual report, the agency identified that water treatment facilities in Jabłonna Lacka, Szczytno, Małdyty, Tolkmicko, and Sierakowo were breached during 2025. Investigators found that attackers gained access to the operational systems that control water treatment processes, systems designed to ensure the safe delivery of water to local communities.
One incident in August 2025 nearly caused a city to lose its water supply before authorities intervened and stopped the intrusion. Polish officials later confirmed the attack was not isolated. It was one of five separate compromises involving municipal water infrastructure, with intruders in some cases taking control of industrial equipment connected to treatment operations.
The disclosures add to growing concern across Europe that cyberattacks are increasingly moving beyond espionage and data theft toward attempts to disrupt physical systems that underpin daily life.
ABW also revealed it had disrupted multiple sabotage operations linked to Russian state-backed actors targeting military facilities, critical infrastructure, and civilian locations throughout Poland. The agency warned that some of the planned attacks carried the potential for loss of life.
The report paints a stark picture of how the threat landscape is evolving. Increasingly, the concern is not only about stolen information or encrypted networks, but about direct interference with systems that regulate electricity, water, transportation, and other essential services.
Security researchers say the mechanics behind many of these attacks are often far less sophisticated than commonly imagined. Rather than relying on advanced malware or rare zero-day vulnerabilities, attackers frequently exploit poorly secured industrial systems exposed to the internet, including devices protected by default passwords or outdated configurations.
Small utilities are proving especially vulnerable. Experts note that attackers often view smaller municipalities as attractive targets because they typically lack mature cybersecurity defenses while still offering symbolic and psychological impact if disrupted. In many cases, obscurity no longer acts as protection. Instead, it reduces the effort required to identify and compromise vulnerable systems.
The growing role of artificial intelligence is adding another layer of concern for defenders. In November, Anthropic disclosed that Chinese state-sponsored operators had used AI extensively during a campaign targeting roughly 30 organizations worldwide, with AI reportedly handling between 80 and 90 percent of operational tasks during the intrusion lifecycle.
Last week, industrial cybersecurity firm Dragos revealed details of an attempted intrusion involving a municipal water utility serving the Monterrey metropolitan area. According to the company, a commercially available AI system was able to identify industrial control systems within the target network even without prior operational technology or industrial control systems expertise.
That shift is becoming increasingly significant for critical infrastructure operators. Security teams previously relied, at least in part, on the assumption that attackers without specialized industrial knowledge would struggle to identify which systems controlled physical operations inside a plant. Analysts now warn that assumption is rapidly eroding as AI tools lower the technical barrier for targeting operational technology environments.
“People assume small water utilities are too obscure to be targeted,” Piotr Kupisiewicz, CTO at Elisity, wrote in an emailed statement. “The opposite is true. A 5,459-resident municipality is exactly the right size for this kind of attack, because it produces a propaganda video without forcing a serious response. Obscurity is no longer protection. Obscurity is a discount on the attacker’s targeting cost.”
He noted that “everyone is talking about AI in cybersecurity right now, and they should be. Anthropic disclosed in November that Chinese state-sponsored operators ran an attack across roughly thirty global targets where the AI performed 80 to 90 percent of the campaign. Two months later, Dragos disclosed an attempted intrusion at a municipal water utility serving the Monterrey metropolitan area, where a commercial AI identified the industrial control system on the company’s network without prior ICS or OT context.”
Kupisiewicz added that the protective assumption used to be that an attacker without specialized training would not know which computer in a water plant matters. That assumption is gone. The attacker has the expert with them now.
“The Jabłonna Lacka video shows Zalogowany: admin (“Logged in: admin”) and a deliberate parameter set,” Kupisiewicz detailed. “Overflow alarm minimized, low-level alarm minimized, deep-well pump start and stop thresholds maximized, filter-flush threshold maximized, hydrofor dry-run threshold and hysteresis maximized. Pump modes toggled across off, manual, regeneration. Tank levels rose 11 cm and 9 cm during the active session. That is not random vandalism. The configuration was designed to suppress alarms while pushing the pump and filter assemblies into unsafe operating envelopes. The operator was technically literate. The defender’s telemetry was not.”
Another issue that Kupisiewicz touched upon is that living off the HMI is now the dominant tradecraft against water utilities. “Bespoke ICS malware (FrostyGoop, Industroyer2, PIPEDREAM) is the visible tip. The iceberg is authenticated parameter changes through native vendor functions. If your detection program is hunting ICS malware signatures while ignoring anomalous-but-authenticated activity on the control surface, you are looking in the wrong place. The unit of forensic interest is the session, not the packet. A boundary packet capture cannot reveal a manipulation that occurs entirely within an authenticated SCADA session. The session itself is the evidence.”
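The two passages above describe a concrete pattern (alarm thresholds driven to zero, pump and filter thresholds driven to their maximum, pump modes cycled, all inside one authenticated HMI session) and argue that the session, not the packet, is the unit of detection. The following is an added example of what session-level detection over an HMI audit trail can look like. It is not code from the article, from Elisity, or from any HMI vendor; the log format, tag names, engineering limits, the trusted engineering subnet and the sample sessions are all constructed for illustration, and a real deployment would replace the parser with one for the vendor's actual audit export.

```python
"""
Session-level detection of authenticated HMI parameter manipulation.

Added example, not code from the article or any vendor. The audit-log
format below is constructed for illustration; real HMI/SCADA audit trails
differ by vendor, so parse_line() is the part you would swap out.
"""
from collections import defaultdict

# Constructed sample: one hostile session that mirrors the pattern described
# in the article (alarm thresholds driven to extremes, pump thresholds
# maximized, pump modes toggled) and one benign maintenance session.
SAMPLE_LOG = """\
2025-08-10T02:11:03Z session=S-1 user=admin src=203.0.113.9 action=login
2025-08-10T02:11:20Z session=S-1 user=admin src=203.0.113.9 action=param_set tag=overflow_alarm_hi old=320 new=0
2025-08-10T02:11:31Z session=S-1 user=admin src=203.0.113.9 action=param_set tag=low_level_alarm old=40 new=0
2025-08-10T02:11:55Z session=S-1 user=admin src=203.0.113.9 action=param_set tag=deepwell_pump_start old=120 new=999
2025-08-10T02:12:04Z session=S-1 user=admin src=203.0.113.9 action=param_set tag=deepwell_pump_stop old=280 new=999
2025-08-10T02:12:30Z session=S-1 user=admin src=203.0.113.9 action=param_set tag=filter_flush_threshold old=60 new=999
2025-08-10T02:12:41Z session=S-1 user=admin src=203.0.113.9 action=param_set tag=hydrofor_dryrun old=15 new=999
2025-08-10T02:13:02Z session=S-1 user=admin src=203.0.113.9 action=mode_set tag=pump1_mode old=auto new=off
2025-08-10T02:13:09Z session=S-1 user=admin src=203.0.113.9 action=mode_set tag=pump1_mode old=off new=manual
2025-08-10T02:13:15Z session=S-1 user=admin src=203.0.113.9 action=mode_set tag=pump1_mode old=manual new=regeneration
2025-08-11T09:00:12Z session=S-2 user=operator1 src=10.20.1.15 action=login
2025-08-11T09:03:40Z session=S-2 user=operator1 src=10.20.1.15 action=param_set tag=filter_flush_threshold old=60 new=65
2025-08-11T09:04:10Z session=S-2 user=operator1 src=10.20.1.15 action=logout
"""

# Engineering limits per tag (constructed). A value outside this band is
# not a plausible operating setpoint, whoever is logged in.
TAG_LIMITS = {
    "overflow_alarm_hi": (200, 400),
    "low_level_alarm": (20, 80),
    "deepwell_pump_start": (80, 200),
    "deepwell_pump_stop": (200, 350),
    "filter_flush_threshold": (30, 120),
    "hydrofor_dryrun": (5, 40),
}
ALARM_TAGS = {"overflow_alarm_hi", "low_level_alarm"}
TRUSTED_NETS = ("10.20.",)  # engineering VLAN prefix, constructed


def parse_line(line):
    """Parse one 'timestamp key=value ...' line into a dict."""
    ts, rest = line.split(" ", 1)
    ev = {"ts": ts}
    for kv in rest.split():
        k, v = kv.split("=", 1)
        ev[k] = v
    return ev


def parse_log(text):
    """Group events by session id, preserving order within each session."""
    sessions = defaultdict(list)
    for line in text.splitlines():
        if line.strip():
            ev = parse_line(line)
            sessions[ev["session"]].append(ev)
    return sessions


def score_session(events):
    """Return the list of rules a single session trips (empty if none)."""
    reasons = []
    alarm_suppressed_at = None  # index of the first alarm threshold pushed out of band
    out_of_band = 0
    mode_toggles = 0
    if not events[0]["src"].startswith(TRUSTED_NETS):
        reasons.append(f"login from untrusted source {events[0]['src']}")
    for i, ev in enumerate(events):
        if ev["action"] == "param_set":
            lo, hi = TAG_LIMITS.get(ev["tag"], (None, None))
            if lo is not None and not (lo <= float(ev["new"]) <= hi):
                out_of_band += 1
                if ev["tag"] in ALARM_TAGS and alarm_suppressed_at is None:
                    alarm_suppressed_at = i
        elif ev["action"] == "mode_set":
            mode_toggles += 1
    if out_of_band:
        reasons.append(f"{out_of_band} setpoints outside engineering limits")
    # The ordering matters: alarms silenced first, then the process pushed.
    if alarm_suppressed_at is not None and any(
        e["action"] in ("param_set", "mode_set") and e["tag"] not in ALARM_TAGS
        for e in events[alarm_suppressed_at + 1:]
    ):
        reasons.append("alarm thresholds disabled before process setpoints changed")
    if mode_toggles >= 3:
        reasons.append(f"{mode_toggles} pump mode changes in one session")
    return reasons


def flag_sessions(text, min_reasons=2):
    """Return {session_id: reasons} for sessions tripping at least min_reasons rules."""
    flagged = {}
    for sid, events in parse_log(text).items():
        reasons = score_session(events)
        if len(reasons) >= min_reasons:
            flagged[sid] = reasons
    return flagged


if __name__ == "__main__":
    for sid, reasons in flag_sessions(SAMPLE_LOG).items():
        print(sid, "->", "; ".join(reasons))
```

Every rule here keys off fields a legitimate, authenticated session also produces; nothing in it depends on a malware signature or on packet content at the boundary. The benign session (a small, in-band change from the engineering VLAN) trips nothing, while the hostile one trips four rules because of the source, the out-of-band values, the order in which alarms were silenced before setpoints moved, and the mode cycling.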
In Kupisiewicz’s view, the Anthropic GTG-1002 disclosure from November (Chinese state-sponsored, roughly thirty global targets, AI executing 80 to 90 percent of the campaign with humans in four to six critical decision points) and the Dragos report on the attempted intrusion at a municipal water utility serving the Monterrey metropolitan area in January are the load-bearing evidence that the IT-OT boundary changed shape.
“The model performed broad enumeration on the IT side, surfaced a vNode industrial gateway and a SCADA/IIoT management platform as high-value pivots, and classified them correctly as OT-adjacent without prior ICS or OT context,” according to Kupisiewicz. “The attacker then directed password-spray against the interface. The OT-context judgment that historically gated this work to a specialist class is now a commodity input from any major LLM. Plan for the IT host that touches OT to be identified in minutes, not weeks. The control point is no longer obscure. The control point is whether compromise of that host produces control of the plant.”
Denis Calderone, CTO at Suzu Labs, pointed to default passwords on devices running unauthenticated protocols, sitting directly on the public internet, operated by staff who mistook active cyberattacks for normal equipment glitches. “Every one of those problems traces back to the same root cause, that these systems were converged onto IP networks with zero defensive posture in mind. If anyone had architected even basic protections against internet-borne attack vectors when these HMIs and PLCs were networked, you wouldn’t see this kind of systemic exposure across five water treatment facilities in a single country.”
Highlighting that this is not random opportunistic hacking, Calderone said that Poland’s internal security agency is describing what amounts to a sustained campaign against NATO critical infrastructure.
“The ABW report names Russian intelligence services as the driving force behind intensified cyber operations against Poland in 2024 and 2025, and these water attacks are part of a broader pattern that includes the national railway, air traffic control, and a foiled attempt to shut off water to one of Poland’s ten largest cities,” according to Calderone. “The ABW opened 48 espionage investigations in 2025 alone, up from six the year Russia invaded Ukraine. Considering everything we’re seeing, this is not run-of-the-mill hacktivism. This is a coordinated intelligence operation with critical infrastructure as a central target.”
Calderone mentioned that HMIs and SCADA interfaces need to come off the public internet, period. “If remote access is operationally necessary, put it behind a VPN with multi-factor authentication, not directly reachable on the open web. Segment OT networks from IT networks with monitored firewall boundaries. CISA and the EPA published a joint fact sheet in December 2024 specifically about internet-exposed HMIs in water and wastewater systems, and it reads like a checklist written for exactly these incidents. And operators need to be trained to recognize that unexpected parameter changes might not be a glitch. If your pumps or alarms are behaving strangely and you can’t explain why, treat it as a potential intrusion until proven otherwise.”
“Cyberattacks have evolved from stealing information, damaging reputations, and causing financial loss to the point where people are now asking whether cyberattacks could directly cost lives. We are getting closer to that reality,” Lydia Zhang, president and co-founder at Ridge Security Technology, mentioned in an emailed statement. “When it comes to critical infrastructure during wartime, more traditional approaches and operational discipline may prove more effective. This includes operating in air-gapped environments, enforcing strict personnel access controls, and strengthening external-facing interfaces such as websites and billing systems through layered protection and diligent security testing.”
In February, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an alert amplifying a recent incident in Poland’s energy sector that exposed serious vulnerabilities in OT (operational technology) and ICS used in critical infrastructure. In the late-December attack, a malicious actor gained initial access through insecure, internet-facing edge devices and subsequently deployed destructive tools that damaged remote terminal units, corrupted firmware, and wiped data on human-machine interfaces, disrupting the ability of operators to monitor and control at least 30 wind, solar, and heat generation sites even as power production continued.