Polish authorities successfully blocked a cyberattack aimed at disrupting water services in a large city, Deputy Prime Minister and Minister of Digitalization Krzysztof Havkowski told Onet on August 14, 2025. The incident was detected and neutralized just in time, preventing any interruption to the municipal water system. Havkowski did not disclose the city or potential perpetrators but noted that Poland intercepts approximately 99% of attempted cyberattacks. The episode underscores Poland’s position as a frequent target due to its role as a logistical hub supporting Ukraine and ongoing strategic infrastructure protection.
Cyber threats escalate amid hybrid warfare pressures
Experts highlight that targeting water systems is a typical tactic in Russian hybrid warfare, designed to create panic, undermine public trust, and signal governmental vulnerability. Previous operations illustrate a clear progression: misinformation and fake news, followed by direct cyber intrusions and sabotage. Last year’s breach of the Polish Press Agency (PAP), which circulated false mobilization claims, served as a rehearsal for more direct attacks in 2025 on municipal utilities and energy networks. In response, Warsaw allocated over 3 billion zlotys (approximately $800 million) to bolster cybersecurity defenses.
Physical infrastructure at risk from digital operations
Even with robust defenses, authorities warn that a single successful breach could disrupt essential services such as water or electricity. Daily cyberattacks, attributed to Russian activity against countries supporting Ukraine, number in the hundreds. Earlier in April 2025, Norwegian security authorities reported that Russian hackers temporarily gained control over a hydroelectric facility in Bremanger, releasing water without casualties only due to low reservoir levels. This incident emphasizes the real-world impact of cyber operations beyond digital data, raising alarms across Europe’s energy sector.
Complementary sabotage and strategic intimidation
In parallel with cyberattacks, Russia has reportedly used mercenaries and foreign agents to carry out arson and other destructive actions within the EU. Poland linked Russian intelligence to a large fire at Warsaw’s Marywilska 44 shopping center in May 2024 and to a Colombian operative responsible for a series of fires in July 2025. These low-cost actions generate fear and serve as psychological leverage against governments and societies. Across Europe, similar small-scale sabotage—fires at warehouses, logistics hubs, and cultural sites—has been observed in France, Germany, the UK, the Baltics, Poland, and the Czech Republic, pointing to a broader campaign aimed at intimidating populations and fracturing alliances supporting Ukraine.
Direct attribution strengthens defensive measures
Officially naming Russia as the actor behind these incidents triggers tangible responses: criminal investigations, arrests, expulsions, sanctions, and enhanced counterintelligence measures. Cases like Norway’s hydroelectric breach and Poland’s Marywilska 44 arson exemplify the importance of public attribution. To disrupt the cycle of Russian sabotage, experts advocate combining legal action, sanctions, and specialized operations, such as targeting GRU officers linked to NotPetya or dismantling ransomware infrastructure like LockBit through coordinated initiatives. Integrated EU-NATO cooperation—including intelligence sharing, joint infrastructure stress tests, mutual recognition of warrants, and synchronized sanctions—further limits operational safety for Russian actors.
