[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fZwIbYEqOIhRehCFd-BEtwB2pMQQ1Ab7o825TAJAjVNQ":3},{"article":4,"iocs":44},{"id":5,"title":6,"slug":7,"summary":8,"ai_summary":9,"brief":10,"full_text":11,"url":12,"image_url":13,"published_at":14,"ingested_at":15,"relevance_score":16,"entities":17,"category_id":28,"category":29,"article_tags":33},"6ae86af3-6b95-4ffb-8c76-551fc59533d8","Polish Security Agency Reports ICS Breaches at Five Water Treatment Plants","polish-security-agency-reports-ics-breaches-at-five-water-treatment-plants-3e9e83","The hackers gained the ability to modify equipment operational parameters, creating a direct risk to the public water supply. The post Polish Security Agency Reports ICS Breaches at Five Water Treatment Plants appeared first on SecurityWeek.","Poland's Internal Security Agency (ABW) documented breaches at five water treatment facilities in 2025 (Jabłonna Lacka, Szczytno, Małdyty, Tolkmicko, and Sierakowo) where attackers gained ability to modify equipment operational parameters, risking public water supply. Primary attack vectors were weak password policies and internet-exposed ICS systems. ABW attributed attacks to Russian APT groups (APT28, APT29) and Belarusian-linked UNC1151, with broader targeting of Polish critical infrastructure including energy, wastewater, and waste incineration facilities.","Polish security agency reports ICS breaches at five water treatment plants with state-sponsored attribution.","Poland’s Internal Security Agency (ABW) has documented a significant escalation in cyberattacks targeting industrial control systems (ICS) and other operational technology (OT) infrastructure during 2024 and 2025, with state-sponsored threat actors increasingly shifting focus toward the physical disruption of critical services. A Polish official revealed in August 2025 that a cyberattack could have caused a city to lose its water supply, but the attack was thwarted. No technical information was shared at the time. The government agency’s new report [written in Polish] provides more information about these types of attacks on the country’s water sector. [ Read: Claude AI Guided Hackers Toward OT Assets During Water Utility Intrusion ] According to ABW, the most significant incidents involved direct intrusions into ICS at water treatment facilities across multiple Polish municipalities. In 2025, the agency recorded security breaches at water treatment stations in Jabłonna Lacka, Szczytno, Małdyty, Tolkmicko, and Sierakowo. In some cases the attackers gained access to ICS and obtained the ability to modify the operational parameters of equipment, creating a direct risk to operational continuity and the public water supply.Advertisement. Scroll to continue reading. The agency identified two primary attack vectors enabling these ICS intrusions: weak password policies and systems exposed directly to the internet. These are longstanding OT security hygiene failures, and they were also recently leveraged in a Russia-linked attack on Polish energy facilities. Beyond water systems, ABW documented an increase in attacks targeting supply chains, critical infrastructure, and ICS at other types of municipal utilities, including wastewater treatment plants and waste incineration facilities. Investigators determined that attackers targeting supply chains specifically sought contract data, project documentation, and authentication credentials that enable downstream access to systems. ABW attributed primary responsibility to hacktivist groups, though these are often personas used by foreign governments, particularly Russian intelligence services. The report specifically names Russian APT groups such as APT28 and APT29, and Belarusian-linked UNC1151 as operating against Polish targets. Related: Polish Space Agency Hit by Cyberattack Related: Poland Faced a Surge in Cyberattacks in 2025, Including a Major Assault on the Energy Sector Related: Man Linked to Phobos Ransomware Arrested in Poland Related: Hacking Attempt Reported at Poland’s Nuclear Research Center Written By Eduard Kovacs Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering. More from Eduard Kovacs Attackers Could Exploit AI Vision Models Using Imperceptible Image ChangesClaude AI Guided Hackers Toward OT Assets During Water Utility IntrusionRomanian Man Extradited to US for Role in Hacking Scheme 17 Years AgoCISA Launches ‘CI Fortify’ to Prepare Critical Infrastructure for Geopolitical Cyber ConflictPalo Alto Networks to Patch Zero-Day Exploited to Hack FirewallsMicrosoft Warns of Sophisticated Phishing Campaign Targeting US OrganizationsCritical Remote Code Execution Vulnerability Patched in AndroidWhatsApp Discloses File Spoofing, Arbitrary URL Scheme Vulnerabilities Latest News AI Firm Braintrust Prompts API Key Rotation After Data BreachCyberattack Hits Canvas System Used by Thousands of Schools as Finals Loom‘PCPJack’ Worm Removes TeamPCP Infections, Steals CredentialsRansomware Group Takes Credit for Trellix HackVulnerability in Claude Extension for Chrome Exposes AI Agent to TakeoverIvanti Patches EPMM Zero-Day Exploited in Targeted AttacksWorries About AI’s Risks to Humanity Loom Over the Trial Pitting Musk Against OpenAI’s LeadersPalo Alto Zero-Day Exploited in Campaign Bearing Hallmarks of Chinese State Hacking Trending Daily Briefing NewsletterSubscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts. Webinar: ROSI for CPS Security Programs May 13, 2026 In cyber-physical systems (CPS), just one hour of downtime can outweigh an entire annual security budget. Learn how to master the Return on Security Investment (ROSI) to align security goals with the bottom-line priorities. Register Virtual Event: Threat Detection and Incident Response Summit May 20, 2026 Delve into big-picture strategies to reduce attack surfaces, improve patch management, conduct post-incident forensics, and tools and tricks needed in a modern organization. Register People on the MoveSumo Logic has named Jeremy Powell as CISO and Ben Cody as SVP of Product Management.Bitdefender has appointed Frank Koelmel as Chief Revenue Officer of Business Solutions Group.John Hernandez has joined BlueVoyant as Chief Executive Officer.More People On The MoveExpert Insights The Mythos Moment: Enterprises Must Fight Agents with Agents Only with the right platform and an agentic, AI-driven defense, will enterprises be able to protect themselves in the agentic era. (Etay Maor) Why Cybersecurity Must Rethink Defense in the Age of Autonomous Agents From autonomous code generation to decision-making systems that initiate actions without human intervention, the industry is entering a new phase. (Torsten George) Government Can’t Win the Cyber War Without the Private Sector Securing national resilience now depends on faster, deeper partnerships with the private sector. (Steve Durbin) The Hidden ROI of Visibility: Better Decisions, Better Behavior, Better Security Beyond monitoring and compliance, visibility acts as a powerful deterrent, shaping user behavior, improving collaboration, and enabling more accurate, data-driven security decisions. (Joshua Goldfarb) The New Rules of Engagement: Matching Agentic Attack Speed The cybersecurity response to AI-enabled nation-state threats cannot be incremental. It must be architectural. (Nadir Izrael) Flipboard Reddit Whatsapp Whatsapp Email","https:\u002F\u002Fwww.securityweek.com\u002Fpolish-security-agency-reports-ics-breaches-at-five-water-treatment-plants\u002F","https:\u002F\u002Fwww.securityweek.com\u002Fwp-content\u002Fuploads\u002F2023\u002F12\u002FWater-Cyberattacks.jpg","2026-05-08T11:46:06+00:00","2026-05-08T12:00:20.393243+00:00",9,[18,21,23,25],{"name":19,"type":20},"APT28","threat_actor",{"name":22,"type":20},"APT29",{"name":24,"type":20},"UNC1151",{"name":26,"type":27},"Poland's Internal Security Agency (ABW)","vendor","d6f63bb8-0801-486a-be7f-171400700454",{"id":28,"icon":30,"name":31,"slug":32},null,"IoT\u002FOT","iot-ot",[34,39],{"category":35},{"id":36,"icon":30,"name":37,"slug":38},"6cbdd207-aaa1-4176-9534-e156b125e917","Nation-state","nation-state",{"category":40},{"id":41,"icon":30,"name":42,"slug":43},"c5eccf7c-abbc-4bd3-bbed-e6da5cba8e73","Incident Response","incident-response",[]]