Overview
- Poland’s Internal Security Agency, in a report published Friday, confirmed direct intrusions into industrial control systems at five water treatment sites in 2025.
- In several cases attackers could change equipment settings inside the plants, creating a direct risk to water safety and service continuity. A Polish official said in August 2025 that a city almost lost supply before a cyberattack was stopped.
- Investigators identified weak or default passwords and management interfaces left on the open internet as the main ways intruders got in.
- The agency linked much of the activity to hacktivist fronts for foreign services, naming Russia’s APT28 and APT29 and Belarus‑linked UNC1151 as active against Polish targets.
- ABW also reported attacks on municipal utilities and their suppliers to steal project files and login credentials, while U.S. advisories warn of similar threats to programmable logic controllers after incidents in Florida in 2021 and Pennsylvania in 2023.