Undisclosed Poland distributed energy facilities
December 29, 2025
•[ cyberattack, OT security, critical infrastructure ]
Coordinated cyberattack targeted distributed energy sites in Poland, compromising OT control and communications systems at roughly 30 facilities and damaging some equipment beyond repair, but failing to disrupt electricity supply.
Romanian Waters (Administrația Națională Apele Române)
December 20, 2025
•[ ransomware, IT disruption, critical infrastructure ]
Romanias national water authority, Romanian Waters, suffered a ransomware incident that began on December 20, 2025 and disrupted IT services across the organization. Romanias National Cyber Security Directorate (DNSC) reported the event affected approximately 1,000 computer systems, including workstations, email services, and web servers, and spread from the main office to 10 of 11 regional river management branches. The disruption took down key digital tools such as domain services and GIS mapping, and the agencys public website remained offline while updates were shared through other channels. Authorities stated that operational technology supporting dams and flood defenses remained safe and that field staff continued critical functions manually.
Undisclosed Canadian oil & gas company
October 1, 2025
•[ hacktivism, operational technology ]
Hacktivists manipulated an automated tank gauge system at a Canadian oil & gas company, triggering erroneous alarms; no injuries or physical damage reported.
Polish hydropower plant in Tczew in August 2025
August 19, 2025
•[ hacktivism, industrial control systems, critical infrastructure ]
Russian hacktivists allegedly targeted a hydropower plant in Tczew in August 2025, releasing video evidence that Polish analysts said showed disruption to control systems and turbine operations.
Water Treatment Plant at Tolmicko
February 4, 2025
•[ unauthorized access, industrial control systems, critical infrastructure ]
CyberDefence24 reported that a pro-Russian Telegram group posted videos between Jan 2830, 2025 showing unauthorized access to interfaces for three Polish water treatment plants (SUW) in Tolkmicko, Madyty, and Sierakowo. The recordings showed attackers setting multiple parameters to maximum values, disabling selected device functions, and changing device PINs (including 1488). The article stated none of the plants reported problems at the time and noted the activity appeared propaganda-oriented, with no confirmed impact on critical infrastructure operations.
