(TLP:CLEAR) Poland Warns of Escalating Cyber Threats to Water Utilities and ICS Operations

Summary: Poland’s internal Security Agency (ABW) recently warned that cyber attacks targeting industrial control systems (ICS) and municipal water infrastructure are increasingly shifting from espionage and data theft toward attempts to cause physical disruption. The report indicates that Russian-linked hybrid operations and cyber activity targeting critical infrastructure intensified significantly during 2024–2025. It highlights increasing threats to operational technology (OT), public infrastructure, and especially water utilities. Multiple Polish water treatment facilities were compromised in 2025, including one incident that nearly disrupted a city’s water supply.

Analyst Note: The report highlights growing concern that water and wastewater utilities, particularly smaller utilities with limited cybersecurity resources, remain attractive targets for state-backed and opportunistic threat actors. According to the report, attackers frequently leveraged internet-exposed Human-Machine Interfaces (HMIs), default credentials, and weak remote access configurations rather than sophisticated malware. The report also warns that AI tools are lowering the technical barrier for identifying and targeting OT/ICS environments.

WaterISAC encourages members to review internet-facing OT assets and restrict HMI exposure. Additionally, implementing multi-factor authentication (MFA) for remote access is critical in this threat landscape.

Original Source: https://industrialcyber.co/reports/polish-abw-warns-cyberattacks-shifting-from-espionage-and-data-theft-toward-physical-disruption-of-critical-infrastructure/

Additional Reading:

• (TLP:GREEN) Recent Significant Nation-State and Hacktivist Cyber Attacks on OT Infrastructure

Related WaterISAC PIRs: 6, 7, 7.1, 9, 10, 10.2, 11, 12