Poland Thwarts Major Cyberattack on City Water Supply Amid Escalating Threats

Major Cyberattack on Water Infrastructure Averted

In August 2025, Polish authorities successfully thwarted a sophisticated cyberattack targeting the water and sewage system of a large Polish city. Deputy Prime Minister and Minister of Digital Affairs, Krzysztof Gawkowski, revealed that the intrusion, if successful, could have left a significant urban center without water. Gawkowski stated that security services detected and neutralized the threat 'at the last minute', preventing widespread disruption.

While the specific city was not named to avoid public alarm, the incident underscores the escalating cyber threats facing Poland's critical infrastructure. Gawkowski indirectly attributed the attack to Russian hostility, noting an 'ongoing' cyberwar with Russia.

Escalating Cyber Warfare and Russian Attribution

Poland has been experiencing a significant increase in cyberattacks, with officials claiming the country is a primary target for Russian cyber operations within the European Union. These attacks are believed to be part of a broader effort to weaken the Polish government and undermine its sovereignty. Experts suggest that Russian state-sponsored groups and affiliated cybercriminals are the primary threat actors.

The digital front is intensely active, with Poland reportedly facing up to 4,000 cyberattacks per day, many aimed at critical infrastructure. Despite this, Polish officials assert a high success rate, claiming to thwart approximately 99% of attempted cyberattacks.

Specific Incidents and Vulnerabilities Highlighted

Beyond the thwarted August 2025 water supply attack, numerous other incidents have targeted Poland's water and energy sectors:

• In August 2025, a small hydropower plant in Poland's Pomeranian Voivodeship, near Gdańsk, was successfully compromised by pro-Russian hackers. This was the second attack on the same facility in months, with attackers manipulating operational parameters to disrupt power output.
• Throughout 2024 and 2025, water treatment stations in locations such as Szczytno, Małdyty, Tolkmicko, and Sieraków, as well as wastewater plants in Witków and Kuźnica, have been targeted.
• A December 2025 cyberattack on Poland's energy grid, which nearly crippled power in parts of the country, highlighted vulnerabilities in internet-facing edge devices and the use of default passwords.

These incidents often involve attackers gaining unauthorized access to Supervisory Control and Data Acquisition (SCADA) and Operational Technology (OT) systems, sometimes altering parameters like filtration or pumping cycles.

Poland's Strengthened Cybersecurity Measures

In response to the persistent threat, Poland has significantly boosted its cybersecurity efforts. The government allocated an unprecedented €1 billion to cybersecurity funding in 2025. Specific measures include:

• The establishment of the Information Exchange and Analysis Center for the Water Supply and Distribution Sector, aimed at facilitating faster information sharing among water utilities for better prevention and coordinated response.
• An additional €80 million allocated to bolster cybersecurity for water management systems.
• Development of a 'national cybersecurity shield' and the upcoming Act on the National Cybersecurity System to introduce more stringent requirements for risk management and protection of IT and OT systems.

Deputy Prime Minister Gawkowski emphasized the need for proactive measures, stating, 'The threat of cyberattacks on water suppliers is real. We must act proactively to protect this critical infrastructure.'