by: Jairo J. Rodriguez U.
Cyberattacks on critical infrastructure are escalating in Northern and Eastern Europe, with water systems now in the crosshairs. Authorities in Norway and Poland are openly pointing to Russian-linked threat actors as the source of the latest wave of intrusions.
Targeting Essential Services
Both Norway’s National Security Authority (NSM) and Poland’s Internal Security Agency (ABW) have confirmed that municipal water utilities experienced disruptive cyber incidents this month. The attacks reportedly targeted supervisory control and data acquisition (SCADA) environments, the systems that monitor and control water treatment and distribution.
Officials said the intent was not only to cause temporary outages but also to undermine public trust in essential services.
In Norway, several regional water facilities reported “sustained intrusion attempts” on operational technology networks. In Poland, attackers were able to briefly disable monitoring dashboards used by local utilities, forcing staff to rely on manual checks.
Attribution Points to Russia
Investigators from both countries linked the incidents to Russian-backed hacktivist groups that have a history of targeting NATO members. Forensic evidence included overlaps in command-and-control infrastructure with previous Russian campaigns, as well as the use of malware strains previously tied to GRU-aligned operators.
“Critical infrastructure, including energy and water, has become a front line in geopolitical cyber operations,” said one Polish security official. “These attacks are not isolated—they are part of a coordinated pressure campaign.”
How the Attacks Work
The campaigns followed a familiar pattern:
- Initial Access – Attackers scanned for internet-exposed remote desktop (RDP) and VPN services used by water utilities and used them as the entry point.
- Lateral Movement – Once inside, they pivoted into SCADA segments, often exploiting weak or default credentials.
- Disruption Attempts – Malicious scripts were deployed to disable monitoring tools, with some attempts made to alter alarm thresholds.
- Psychological Pressure – Attackers claimed responsibility on Telegram channels, boasting of their ability to “poison water supplies,” though officials stressed no such manipulation occurred.
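The first three steps of that chain leave traces in ordinary authentication and service logs well before any process value is touched, which is where a utility with no OT-protocol visibility can still catch it. The following correlator is an added example written for this page; it is not code from the Norwegian or Polish investigators or from any utility. The key=value log format, the host names (vpn-gw, scada-hmi01), the hmi-dashboard service, the list of vendor-default account names and the log lines themselves are all constructed assumptions.

```python
"""Correlate the intrusion chain above across constructed authentication logs.

Added example for this page, not code from NSM, ABW or any utility.
Constructed assumptions: a key=value log format, a VPN gateway (vpn-gw)
that logs the tunnel address it assigns, OT hosts named scada-*, a
monitoring service called hmi-dashboard, and a list of vendor-default
account names. The log lines are invented for the example.
"""
from datetime import datetime, timedelta

SAMPLE_LOGS = """\
2025-03-02T01:10:00Z vpn-gw event=login user=j.hansen src=203.0.113.5 result=success assigned=10.20.0.41
2025-03-02T01:12:04Z vpn-gw event=login user=contractor3 src=198.51.100.23 result=success assigned=10.20.0.77
2025-03-02T01:12:30Z scada-hmi01 event=login user=admin src=10.20.0.77 result=success
2025-03-02T01:13:10Z scada-hmi01 event=service action=stop unit=hmi-dashboard user=admin
2025-03-02T01:20:00Z scada-hmi01 event=login user=operator src=10.10.5.30 result=success
"""

DEFAULT_ACCOUNTS = {"admin", "operator", "root", "default"}  # assumed vendor defaults
OT_HOST_PREFIX = "scada-"                                    # assumed naming convention
MONITORING_UNITS = {"hmi-dashboard", "alarm-server"}         # assumed service names
CHAIN_WINDOW = timedelta(minutes=30)                         # link events this close together


def parse_line(line: str) -> dict:
    """Turn 'timestamp host k=v k=v ...' into a dict with a parsed timestamp."""
    ts, host, *pairs = line.split()
    rec = {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), "host": host}
    for pair in pairs:
        key, _, value = pair.partition("=")
        rec[key] = value
    return rec


def correlate(log_text: str) -> list:
    """Return one finding per OT login that arrived over a VPN tunnel.

    Stage 1 (initial access): remember which tunnel address each VPN login got.
    Stage 2 (lateral movement): a login on an OT host whose source is a tunnel
    address links the OT session to the external VPN user.
    Stage 3 (disruption): a monitoring service stopped on that host shortly
    afterwards completes the chain.
    """
    tunnels = {}      # assigned tunnel address -> VPN login record
    findings = []
    pending = {}      # OT host -> finding still waiting for a service stop
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec.get("event") == "login" and rec.get("result") != "success":
            continue  # failed logins are worth counting, but not part of this chain
        if rec["host"] == "vpn-gw" and rec.get("event") == "login":
            tunnels[rec["assigned"]] = rec
        elif rec["host"].startswith(OT_HOST_PREFIX) and rec.get("event") == "login":
            vpn = tunnels.get(rec["src"])
            if vpn is None:
                continue  # source is inside the OT segment: expected operator traffic
            finding = {
                "ot_host": rec["host"],
                "ot_account": rec["user"],
                "default_account": rec["user"] in DEFAULT_ACCOUNTS,
                "vpn_user": vpn["user"],
                "external_src": vpn["src"],
                "first_seen": rec["ts"],
                "monitoring_disabled": None,
            }
            findings.append(finding)
            pending[rec["host"]] = finding
        elif rec.get("event") == "service" and rec.get("action") == "stop":
            finding = pending.get(rec["host"])
            if (finding and rec.get("unit") in MONITORING_UNITS
                    and rec["ts"] - finding["first_seen"] <= CHAIN_WINDOW):
                finding["monitoring_disabled"] = rec["unit"]
    return findings


def severity(finding: dict) -> str:
    """Crossing IT->OT over VPN is low; a default account or a stopped monitor raises it."""
    score = 1 + int(finding["default_account"]) + int(finding["monitoring_disabled"] is not None)
    return {1: "low", 2: "medium", 3: "high"}[score]


if __name__ == "__main__":
    for f in correlate(SAMPLE_LOGS):
        print(severity(f).upper(), f)
```

On the constructed sample the operator login from inside the OT range produces nothing, while the contractor tunnel that lands on scada-hmi01 as admin and then stops the dashboard service is reported as one high-severity chain. The point is the join on the VPN-assigned address: neither the VPN gateway nor the OT host sees anything wrong on its own.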
Why This Matters
Water systems are considered high-value but vulnerable targets in the realm of OT cybersecurity. Unlike power grids or telecommunications, many municipal utilities rely on legacy equipment with limited security controls. The incidents highlight:
- The fragility of public utilities in hybrid warfare.
- The potential risks of cascading failures if attackers shift from nuisance disruptions to tampering with water quality.
- The geopolitical signaling, as Russia leverages cyberattacks to unsettle NATO allies without triggering direct military escalation.
Defensive Lessons
Cybersecurity experts recommend urgent actions for utilities:
- Network segmentation: Strictly separate IT and OT environments to limit attacker movement.
- Access hardening: Remove internet-exposed RDP entirely, place remaining remote access behind a gateway that enforces multifactor authentication, and audit OT devices for the vendor-default accounts the attackers relied on.
- Continuous monitoring: Deploy intrusion detection that understands SCADA and OT protocols (e.g., Modbus, DNP3) and alerts on write or control commands from any host other than the engineering workstations, not just on known malware signatures.
- Incident drills: Prepare staff for manual operations when systems are unavailable.
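Of the four recommendations, protocol-aware monitoring is the one most small utilities find hardest to picture, so here is an added example of what it amounts to for Modbus/TCP. It is written for this page and is not code from the article, a vendor or either agency. It parses the MBAP header, classifies the function code, and alerts on write requests from any host other than an assumed engineering workstation, or on writes into an assumed alarm-threshold register range (the kind of change described under Disruption Attempts above). The addresses, register layout and sample frames are constructed.

```python
"""Flag Modbus/TCP write requests that violate a simple OT write policy.

Added example for this page, not code from any utility, vendor or agency.
Constructed assumptions: engineering workstation 10.10.5.20 is the only
host allowed to write, holding registers 100-109 hold alarm thresholds,
and the sample frames below are hand-built, not captured traffic.
"""
import struct

# Modbus function codes that change controller state (the "write" class).
WRITE_FUNCTIONS = {
    5: "Write Single Coil",
    6: "Write Single Register",
    15: "Write Multiple Coils",
    16: "Write Multiple Registers",
}

ENGINEERING_HOSTS = {"10.10.5.20"}      # assumed: the only legitimate writers
PROTECTED_REGISTERS = range(100, 110)   # assumed: alarm-threshold registers


def build_frame(unit: int, function: int, body: bytes, tid: int = 1) -> bytes:
    """Assemble a Modbus/TCP frame; used here only to construct sample traffic."""
    pdu = bytes([function]) + body
    # MBAP header: transaction id, protocol id (0 = Modbus), length, unit id.
    # The length field counts the unit id plus the PDU.
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu


def parse_mbap(frame: bytes) -> dict:
    """Split a Modbus/TCP frame into header fields, function code and PDU body."""
    if len(frame) < 8:
        raise ValueError("frame too short for MBAP header plus function code")
    tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0:
        raise ValueError("protocol id %d is not Modbus" % proto)
    if length != len(frame) - 6:
        raise ValueError("MBAP length field does not match frame size")
    return {"tid": tid, "unit": unit, "function": frame[7], "pdu": frame[8:]}


def write_targets(function: int, pdu: bytes) -> range:
    """Return the coil/register address range a write request touches."""
    if function in (5, 6):
        (addr,) = struct.unpack(">H", pdu[:2])
        return range(addr, addr + 1)
    if function in (15, 16):
        addr, qty = struct.unpack(">HH", pdu[:4])
        return range(addr, addr + qty)
    return range(0)


def check_frame(src_ip: str, frame: bytes) -> list:
    """Return alerts for one frame as tuples; an empty list means allowed."""
    msg = parse_mbap(frame)
    fc = msg["function"]
    if fc not in WRITE_FUNCTIONS:
        return []  # reads from HMIs and historians are normal polling traffic
    alerts = []
    targets = write_targets(fc, msg["pdu"])
    if src_ip not in ENGINEERING_HOSTS:
        alerts.append((src_ip, "write-from-non-engineering-host", fc))
    # Coils (FC 5/15) live in a separate address space, so only register
    # writes (FC 6/16) are checked against the threshold register range.
    if fc in (6, 16) and any(a in PROTECTED_REGISTERS for a in targets):
        alerts.append((src_ip, "write-to-protected-registers", targets.start, targets.stop - 1))
    return alerts


# Constructed sample traffic: (source address, frame)
SAMPLE_TRAFFIC = [
    # HMI polls holding registers 0-9 (FC 3): read, allowed
    ("10.10.5.30", build_frame(1, 3, struct.pack(">HH", 0, 10))),
    # engineering workstation sets a pump setpoint in register 40 (FC 6): allowed
    ("10.10.5.20", build_frame(1, 6, struct.pack(">HH", 40, 350))),
    # host on the VPN/IT range raises threshold register 102 to its maximum (FC 6)
    ("10.20.0.77", build_frame(1, 6, struct.pack(">HH", 102, 9999))),
    # same host zeroes registers 100-101 in one request (FC 16)
    ("10.20.0.77", build_frame(1, 16, struct.pack(">HHB", 100, 2, 4) + struct.pack(">HH", 0, 0))),
]


def scan(traffic) -> list:
    """Run every frame through the policy and collect the alerts."""
    alerts = []
    for src, frame in traffic:
        alerts.extend(check_frame(src, frame))
    return alerts


if __name__ == "__main__":
    for alert in scan(SAMPLE_TRAFFIC):
        print(alert)
```

The two legitimate frames pass silently; the two from the VPN range produce four alerts, one for the unauthorised writer and one for the protected register range on each request. Modbus carries no authentication, so the source address and the function code are the only handles a monitor has, which is why the segmentation bullet matters: the allowlist is only meaningful if IT hosts cannot reach the PLC in the first place.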
Looking Ahead
As tensions between Russia and NATO remain high, experts warn that water infrastructure may become a persistent target in 2025’s cyber conflict landscape. Norway and Poland are coordinating with the EU and NATO’s Cooperative Cyber Defence Centre of Excellence (CCDCOE) to share intelligence and harden defenses.
For now, both governments stress that no water contamination occurred, but the message is clear: cyberattacks are no longer limited to stealing data—they are testing the resilience of the systems that keep society functioning.