Russian Hacktivists Target Polish Hydropower Plant in Repeat Attack

Key Takeaways:

  • Russian-linked hacktivists disrupted operations at a hydropower plant in Tczew, Poland, marking the second time the same facility has been hit this year.
  • The attack impacted control systems and turbines, underscoring the vulnerability of critical infrastructure to cyber disruption.
  • Groups such as Cyber Army of Russia Reborn and Sandworm are suspected of involvement, blurring the line between independent hacktivism and state-sponsored operations.
  • Poland has been a frequent target of Russian cyber activity due to its proximity to Ukraine and its role as a logistics and political supporter of Kyiv.
  • Authorities are reinforcing defenses across power and water systems, but repeated incidents highlight persistent exposure.

Russian hacktivists have once again struck a Polish hydropower facility, disrupting operations in a repeat attack that highlights the ongoing cyber threat against European infrastructure. The incident took place at the Tczew plant near Gdańsk, where attackers compromised control systems and turbines. Videos released online initially appeared to be recycled footage from a previous attack in May, but analysts confirmed they documented a new round of sabotage.

This follows a growing pattern of Russian-aligned groups targeting critical systems in Poland. In May, the same plant suffered disruption, and other facilities—such as municipal water treatment systems in smaller towns—have also been tampered with. In some cases, attackers attempted to manipulate wastewater systems or open valves in ways that could endanger public health. Reports point to groups such as the Cyber Army of Russia Reborn, which has claimed responsibility for attacks designed to demonstrate capability and cause psychological impact.

The disruption of the Tczew hydropower plant forms part of a broader campaign of hybrid warfare. As outlined in research on Russian hybrid operations in Europe, cyberattacks increasingly complement physical sabotage, disinformation, and propaganda. The blending of these tactics aims to undermine confidence in government institutions, strain resources, and create uncertainty about the safety of everyday services such as electricity and water.

Attribution remains difficult in these cases. Hacktivist groups often operate with overlapping identities and unclear lines to the Russian state. While Cyber Army of Russia Reborn publishes videos dramatizing its attacks, Western intelligence agencies and independent researchers have suggested links to Sandworm, a well-documented Russian military cyber unit. This overlap complicates response efforts, as officials must determine whether incidents are independent acts of hacktivism or coordinated state-backed operations.

According to an interview with Poland’s deputy prime minister, the country faces as many as 300 cyberattacks a day, many attributed to Russian actors. This relentless pressure places stress on security teams at utilities and government agencies, requiring both technical defenses and public communication strategies to maintain confidence. The deputy prime minister underscored that cyber defense is now as critical as physical border security, given the role Poland plays in supporting Ukraine and coordinating NATO logistics.

The repeated targeting of the Tczew plant raises particular concerns about operational technology systems, which are distinct from traditional IT networks. Industrial control systems that operate turbines, valves, and other critical components were designed decades ago with little thought to cybersecurity. While many facilities have been retrofitted with protective measures, attackers continue to exploit gaps in segmentation, monitoring, and authentication. The fact that attackers were able to disrupt turbine controls twice in the span of months underscores the challenges of defending these environments.

Poland has responded by investing in cybersecurity resilience, launching national initiatives to coordinate across utilities, government agencies, and private operators. Earlier this year, Polish authorities announced expanded partnerships with international allies to share intelligence on threats and accelerate incident response. Still, as this latest event demonstrates, adversaries remain persistent and adaptive.

This pattern of targeting critical infrastructure is not unique to Poland. Across Europe, Russian-aligned groups have been linked to attempted disruptions of power grids, transportation networks, and municipal services. The attacks often have a dual purpose: they may cause real operational disruption, but they also serve as propaganda tools. Videos posted by attackers aim to generate fear, showcase power, and amplify narratives about the vulnerability of Western nations. The performative aspect of these operations makes them difficult to counter, as even failed or limited attacks can achieve psychological objectives.

The repeat attack on the Tczew plant also raises questions about how nations can best prioritize defense spending. Traditional cybersecurity has focused on corporate networks and financial systems, but the operational technology environment is emerging as a critical frontier. Protecting hydropower, water, and energy systems requires specialized skills, significant investment, and close coordination between engineers and security professionals. Without these measures, attackers may continue to exploit weak points in industrial control systems.

For Poland, the attacks highlight both risk and resilience. On one hand, repeated disruption of the same plant points to gaps that adversaries can exploit. On the other, the fact that the country has remained operational and continues to counter hundreds of daily threats shows a capacity to absorb attacks and adapt defenses. Still, the targeting of energy and water systems is a reminder that even limited cyber events can have outsized political and social consequences.

This episode illustrates the evolving role of cyber operations in modern conflict. By striking at the Tczew hydropower plant again, Russian-aligned actors demonstrated both persistence and capability. For Poland and its allies, the challenge will be to strengthen defenses, maintain public confidence, and ensure that critical infrastructure can withstand not only one-off incidents but sustained campaigns of disruption.

Learn how AI Agents can supercharge your company’s profits and productivity at TMC’s AI Agent Event in Sept 29-30, 2025 in DC.

Rich Tehrani serves as CEO of TMC and chairman of ITEXPO #TECHSUPERSHOW Feb 10-12, 2026 and is CEO of RT Advisors and is a Registered Representative (investment banker) with and offering securities through Four Points Capital Partners LLC (Four Points) (Member FINRA/SIPC). He handles capital/debt raises as well as M&A. RT Advisors is not owned by Four Points.

The above is not an endorsement or recommendation to buy/sell any security or sector mentioned. No companies mentioned above are current or past clients of RT Advisors.

The views and opinions expressed above are those of the participants. While believed to be reliable, the information has not been independently verified for accuracy. Any broad, general statements made herein are provided for context only and should not be construed as exhaustive or universally applicable.

Portions of this article may have been developed with the assistance of artificial intelligence, which may have contributed to ideation, content generation, factual review, or editing.

Related Articles

Loader..

 

Share via
Facebook
X (Twitter)
LinkedIn
Mix
Email
Print
Copy Link
Powered by Social Snap
Copy link
CopyCopied
Powered by Social Snap