Cybersecurity officials are sounding alarms after hackers were linked to attacks on critical water treatment infrastructure in Poland an escalation that experts warn mirrors growing threats to similar systems in the United States.
According to Poland’s intelligence service, hackers breached systems at five water treatment plants, gaining access to industrial control equipment that, in worst-case scenarios, could have allowed them to alter chemical levels in public water supplies. Authorities said the incidents occurred over the past two years and form part of a broader campaign targeting the country’s critical infrastructure.
The findings were published in a report by Poland’s Internal Security Agency, which warned that sabotage activities largely attributed to Russian-linked cyber operations remain an Immediate and serious threat requiring heightened national response.
Officials said the attacks targeted not only water systems but also military installations, energy facilities, and other civilian infrastructure.
While the report did not directly confirm the identities of all perpetrators, it emphasized ongoing Russian-backed cyber and sabotage activity aimed at destabilizing Poland.
Security experts note that the threat is not limited to Europe.
In the United States, water systems have also been repeatedly targeted in recent years. One of the most widely cited incidents occurred in Oldsmar, Florida in 2021, where a hacker briefly accessed a water treatment system and attempted to increase sodium hydroxide levels to dangerous concentrations before operators intervened.
Federal agencies, including the FBI and the Cybersecurity and Infrastructure Security Agency, have since warned that water utilities remain soft targets due to outdated systems and weak cybersecurity protections.
More recently, U.S. authorities have issued alerts about Iranian-linked hacking groups such as CyberAv3ngers targeting programmable logic controllers used in water and energy infrastructure.
Similar intrusions have already been reported at several facilities, raising concerns about coordinated international campaigns against critical utilities.
Experts say the attacks in Poland reflect a broader global shift toward cyber sabotage of essential services, including:
- Water treatment systems
- Power grids
- Energy pipelines
- Transportation infrastructure
Polish authorities warned that such operations are increasingly being used as tools of geopolitical pressure, particularly in conflicts involving Russia and Western nations.
The report suggests that cyberattacks are no longer limited to data theft or financial disruption but are now being designed to potentially cause physical damage or public safety risks.
Security analysts highlight several vulnerabilities:
- Many systems rely on outdated industrial software
- Remote access tools are often poorly secured
- Limited cybersecurity staffing in utilities
- Increasing connectivity between operational systems and the internet
This combination makes water infrastructure particularly attractive to state-backed hackers and cybercriminal groups.
