Polish Security Agency Reports ICS Breaches at Five Water Treatment Plants

The Polish Internal Security Agency (ABW) has released a troubling report detailing a series of cyberattacks on industrial control systems (ICS) within the nation's water treatment facilities. This escalation in cyber threats highlights a growing concern regarding the security of critical infrastructure and the potential risks to public safety.

What Happened

In 2025, ABW documented significant breaches at five water treatment plants located in Jabłonna Lacka, Szczytno, Małdyty, Tolkmicko, and Sierakowo. Attackers managed to infiltrate these facilities, gaining the capability to modify operational parameters of essential equipment. This intrusion posed a direct threat to the continuity of water supply services, raising alarms about the potential impact on public health and safety.

ABW's report indicates that these attacks were facilitated by two primary vulnerabilities: inadequate password policies and direct exposure of systems to the internet. These weaknesses have long been recognized as critical security gaps in operational technology (OT) environments.

Why It Matters

The implications of these breaches extend beyond immediate operational disruptions. The ability of malicious actors to alter the functioning of water treatment systems can lead to severe public safety risks, including contamination of drinking water. Furthermore, the report underscores a broader trend of increasing cyberattacks targeting critical infrastructure, which could result in significant economic and social consequences.

The report also highlights the involvement of state-sponsored threat actors, particularly those linked to Russian intelligence services, such as APT28 and APT29, as well as the Belarusian group UNC1151. This connection raises concerns about the geopolitical implications of cyber warfare and the targeting of essential services.

Affected Users or Organizations

The breaches primarily affected municipal water treatment facilities across several Polish municipalities. Given the critical nature of these services, the potential impact extends to all residents relying on these facilities for safe drinking water. Additionally, the report indicates that other sectors, including wastewater treatment and waste management, are also increasingly targeted.

Recommended Actions

  • Enhance Password Policies: Organizations should implement robust password management practices, including the use of multi-factor authentication to mitigate unauthorized access.
  • Conduct Security Audits: Regular assessments of ICS and OT environments are crucial to identify and remediate vulnerabilities.
  • Limit Internet Exposure: Systems should be segmented and protected from direct internet access to reduce the attack surface.
  • Implement Threat Intelligence: Organizations should stay informed about emerging threats and trends, particularly those linked to state-sponsored actors.
  • Develop Incident Response Plans: Establish comprehensive incident response strategies to quickly address potential breaches and minimize impact.

ABW's findings are a reminder of the weaknesses present within critical infrastructure and of the urgent need for enhanced cybersecurity measures to protect public services from cyber threats.