Sewage treatment plant in Witków
August 19, 2025
•[ industrial control systems, hacktivism, operational disruption ]
Russian hacktivists allegedly manipulated industrial control systems at the sewage treatment plant in Witków, with video evidence and analyst review indicating operational disruption to plant processes.
Sewage treatment plant in Kunica
August 19, 2025
•[ industrial control systems, hacktivism, operational disruption ]
Russian hacktivists allegedly interfered with industrial control systems at the sewage treatment plant in Kunica, and publicly released video that Polish analysts assessed as showing real operational disruption.
Polish hydropower plant in Tczew in May 2025
August 19, 2025
•[ hacktivism, critical infrastructure, operational disruption ]
Russian hacktivists allegedly targeted a hydropower plant in Tczew in May 2025, but reporting suggests the facility may have been offline at the time, limiting evidence of meaningful operational disruption.
Polish hydropower plant in Tczew in August 2025
August 19, 2025
•[ hacktivism, industrial control systems, critical infrastructure ]
Russian hacktivists allegedly targeted a hydropower plant in Tczew in August 2025, releasing video evidence that Polish analysts said showed disruption to control systems and turbine operations.
Szczytno water treatment plant
August 12, 2025
•[ hacktivism, industrial control systems, critical infrastructure ]
CyberDefence24 reported pro-Russian hacktivists published another recording on Aug. 12, 2025 from the same Polish hydroelectric plant previously referenced in early July 2025 reporting. The outlet said the new video suggested the attackers accessed the control panel while the plant was operating (generator/rotor turning and current visible) and that this represented a more serious incident than the earlier case where the plant appeared off. The report stated attackers did not appear to have full control of the infrastructure, but the incident indicates unauthorized access to industrial control interfaces and potential cyber-physical risk.
Jabłonna Lacka Water Treatment Plant
August 1, 2025
•[ industrial control systems, ICS, critical infrastructure ]
Poland's Internal Security Agency reported that attackers breached industrial control systems at multiple water treatment facilities in 2025, including Jabłonna Lacka. The attackers gained access to operational systems controlling water treatment processes and in some cases obtained the ability to modify equipment operational parameters, creating a direct risk to operational continuity and public water supply. Public reporting says the August 2025 incident nearly caused a municipality to lose its water supply before authorities intervened. Polish cybersecurity reporting linked several water-facility incidents to a pro-Russian hacktivist group, but no public source identified the specific named perpetrator for the Jabłonna Lacka incident.
Undisclosed Canadian electric utility
July 29, 2025
•[ cyberattack, service disruption, critical infrastructure ]
Canadian utility reported a cyberattack that disrupted smart/power meters and required onsite remediation to restore accurate billing and service.
POST Luxembourg (national telecommunications infrastructure)
July 23, 2025
•[ cyberattack, outage, critical infrastructure ]
Cyberattack targeting Huawei telecommunications equipment caused a nationwide outage of 4G and 5G mobile networks in Luxembourg, disrupting emergency services, internet access, and electronic transactions for several hours.
Undisclosed Ukrainian Energy Organization
June 6, 2025
•[ malware, apt, data destruction ]
PathWiper malware associated with a pro-Russian APT destroyed data at an undisclosed Ukrainian energy organization on June 6, 2025; Cisco Talos and CERT-UA confirmed data destruction; no data theft reported.
At least one government agency or state-owned enterprise in Southeast Asia
April 10, 2025
•[ data leak, espionage, government ]
The Record, citing Symantec's Threat Hunter Team, reported that the China-linked APT group Billbug (also known as Thrip and Lotus Blossom) compromised multiple government and critical infrastructure organizations in a Southeast Asian country in April 2025. The campaign involved exploitation of legitimate digital certificates and living-off-the-land tools to exfiltrate sensitive documents from government and military networks. No encryption or disruption was reported, and the activity is assessed as political espionage conducted under China's Ministry of State Security.
Undisclosed Ukrainian critical infrastructure organization
April 1, 2025
•[ malware, data exfiltration, wiper ]
The FSB's 18th Center for Information Security (Gamaredon) deployed PathWiper malware against an undisclosed Ukrainian critical-infrastructure operator in early April 2025, exfiltrating large volumes of operational data before executing a destructive wiper that caused temporary service degradation.
Water Treatment Plant at Tolkmicko
February 4, 2025
•[ unauthorized access, industrial control systems, critical infrastructure ]
CyberDefence24 reported that a pro-Russian Telegram group posted videos between Jan 28–30, 2025 showing unauthorized access to interfaces for three Polish water treatment plants (SUW) in Tolkmicko, Małdyty, and Sierakowo. The recordings showed attackers setting multiple parameters to maximum values, disabling selected device functions, and changing device PINs (including 1488). The article stated none of the plants reported problems at the time and noted the activity appeared propaganda-oriented, with no confirmed impact on critical infrastructure operations.
Water Treatment Plant at Małdyty
January 28, 2025
•[ unauthorized access, ICS/SCADA, critical infrastructure ]
CyberDefence24 reported that a pro-Russian Telegram group posted videos between Jan 28–30, 2025 showing unauthorized access to interfaces for three Polish water treatment plants (SUW) in Tolkmicko, Małdyty, and Sierakowo. The recordings showed attackers setting multiple parameters to maximum values, disabling selected device functions, and changing device PINs (including 1488). The article stated none of the plants reported problems at the time and noted the activity appeared propaganda-oriented, with no confirmed impact on critical infrastructure operations.
At least one undisclosed organization in Bangladesh
January 1, 2025
•[ cyber-espionage, typosquatting, Havoc C2 ]
Industrial Cyber summarized Arctic Wolf Labs findings that SloppyLemming conducted an extensive cyber-espionage campaign from January 2025 through January 2026 targeting government entities and critical infrastructure operators in Pakistan and Bangladesh. The report notes recurring tradecraft such as typosquatted government-themed infrastructure, Cloudflare Workers use, Havoc C2, and DLL sideloading, and names several targeted entities across defense, telecom, energy, and nuclear regulation. This is campaign-level reporting with multiple targets rather than a single incident record.
Refinadora Costarricense de Petróleo
November 27, 2024
•[ ransomware, energy, critical infrastructure ]
Refinadora Costarricense de Petróleo (RECOPE), the state-owned energy provider for Costa Rica, is hit with a ransomware attack, requiring the company to shift to manual operations and call in help from abroad.
Cyprus’ critical infrastructure and government websites
October 18, 2024
•[ cyberattacks, pro-Palestine hacker groups, critical infrastructure ]
Cyprus' critical infrastructure and government websites are targeted in a series of coordinated cyberattacks claimed by several pro-Palestine hacker groups.
Danish Water Utility
January 6, 2024
•[ cyberattack, state-sponsored, critical infrastructure ]
Danish authorities stated that Russia carried out a destructive and disruptive cyberattack against a Danish water utility in 2024. Reporting cited by Danish media said the incident involved manipulation of pump pressure, which caused pipes to burst and left some homes temporarily without water. The public reporting did not name the utility or provide precise dates beyond year-level timing.
Argentina's official immigration agency, Dirección Nacional de Migraciones
August 27, 2020
•[ ransomware, Netwalker, critical infrastructure ]
Argentina's official immigration agency, Dirección Nacional de Migraciones, suffers a Netwalker ransomware attack that temporarily halts border crossing into and out of the country.