Polish Security Agency Reports ICS Breaches at Five Water Treatment Plants

The agency identified two primary attack vectors enabling these ICS intrusions: weak password policies and systems exposed directly to the internet. These are longstanding OT security hygiene failures, and they were also recently leveraged in aRussia-linked attack on Polish energy facilities.Beyond water systems, ABW documented an increase in attacks targeting supply chains, critical infrastructure, and ICS at other types of municipal utilities, including wastewater treatment plants and waste incineration facilities.Investigators determined that attackers targeting supply chains specifically sought contract data, project documentation, and authentication credentials that enable downstream access to systems.ABW attributed primary responsibility tohacktivistgroups, though these are often personas used by foreign governments, particularly Russian intelligence services.The report specifically names Russian APT groups such asAPT28andAPT29, and Belarusian-linkedUNC1151as operating against Polish targets.Related:Polish Space Agency Hit by CyberattackRelated:Poland Faced a Surge in Cyberattacks in 2025, Including a Major Assault on the Energy SectorRelated:Man Linked to Phobos Ransomware Arrested in PolandRelated:Hacking Attempt Reported at Poland’s Nuclear Research Center

Beyond water systems, ABW documented an increase in attacks targeting supply chains, critical infrastructure, and ICS at other types of municipal utilities, including wastewater treatment plants and waste incineration facilities.Investigators determined that attackers targeting supply chains specifically sought contract data, project documentation, and authentication credentials that enable downstream access to systems.ABW attributed primary responsibility tohacktivistgroups, though these are often personas used by foreign governments, particularly Russian intelligence services.The report specifically names Russian APT groups such asAPT28andAPT29, and Belarusian-linkedUNC1151as operating against Polish targets.Related:Polish Space Agency Hit by CyberattackRelated:Poland Faced a Surge in Cyberattacks in 2025, Including a Major Assault on the Energy SectorRelated:Man Linked to Phobos Ransomware Arrested in PolandRelated:Hacking Attempt Reported at Poland’s Nuclear Research Center

Investigators determined that attackers targeting supply chains specifically sought contract data, project documentation, and authentication credentials that enable downstream access to systems.ABW attributed primary responsibility tohacktivistgroups, though these are often personas used by foreign governments, particularly Russian intelligence services.The report specifically names Russian APT groups such asAPT28andAPT29, and Belarusian-linkedUNC1151as operating against Polish targets.Related:Polish Space Agency Hit by CyberattackRelated:Poland Faced a Surge in Cyberattacks in 2025, Including a Major Assault on the Energy SectorRelated:Man Linked to Phobos Ransomware Arrested in PolandRelated:Hacking Attempt Reported at Poland’s Nuclear Research Center

ABW attributed primary responsibility tohacktivistgroups, though these are often personas used by foreign governments, particularly Russian intelligence services.The report specifically names Russian APT groups such asAPT28andAPT29, and Belarusian-linkedUNC1151as operating against Polish targets.Related:Polish Space Agency Hit by CyberattackRelated:Poland Faced a Surge in Cyberattacks in 2025, Including a Major Assault on the Energy SectorRelated:Man Linked to Phobos Ransomware Arrested in PolandRelated:Hacking Attempt Reported at Poland’s Nuclear Research Center

The report specifically names Russian APT groups such asAPT28andAPT29, and Belarusian-linkedUNC1151as operating against Polish targets.Related:Polish Space Agency Hit by CyberattackRelated:Poland Faced a Surge in Cyberattacks in 2025, Including a Major Assault on the Energy SectorRelated:Man Linked to Phobos Ransomware Arrested in PolandRelated:Hacking Attempt Reported at Poland’s Nuclear Research Center

Related:Polish Space Agency Hit by CyberattackRelated:Poland Faced a Surge in Cyberattacks in 2025, Including a Major Assault on the Energy SectorRelated:Man Linked to Phobos Ransomware Arrested in PolandRelated:Hacking Attempt Reported at Poland’s Nuclear Research Center

Related:Poland Faced a Surge in Cyberattacks in 2025, Including a Major Assault on the Energy SectorRelated:Man Linked to Phobos Ransomware Arrested in PolandRelated:Hacking Attempt Reported at Poland’s Nuclear Research Center

Related:Man Linked to Phobos Ransomware Arrested in PolandRelated:Hacking Attempt Reported at Poland’s Nuclear Research Center

Related:Hacking Attempt Reported at Poland’s Nuclear Research Center

Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Source: SecurityWeek