Sweden Blames Pro-Russian Group for Cyberattack Last Year on Its Energy Infrastructure

Summary

Sweden publicly blamed a pro-Russian group with ties to Russia's security and intelligence services for a cyberattack on a heating plant in western Sweden last year, though the attack failed. The attribution aligns with warnings from Poland, Norway, Denmark, and Latvia about coordinated Russian attacks on critical infrastructure across Europe, including similar incidents targeting energy systems and water utilities. Officials characterize these attacks as part of a broader Russian sabotage campaign—over 150 incidents tracked since February 2022—designed to undermine Ukraine support, sow discord, and drain European resources.

Full text

Sweden said Wednesday that a pro-Russian group with links to Russia’s security and intelligence services was behind a cyberattack on a heating plant last year. The announcement followed warnings from officials in Poland, Norway, Denmark and Latvia that Russia is attacking critical infrastructure across Europe. In what was Sweden’s first public mention of the attack, the country’s minister for civil defense, Carl-Oskar Bohlin, said it targeted a heating plant in western Sweden but the attack failed. He gave no further details. Bohlin compared it to incidents in Poland in December, when coordinated cyberattacks hit combined heat and power plants supplying heat to almost 500,000 customers, as well as wind and solar farms. Poland later said evidence indicated hackers were “directly linked to the Russian services.” Bohlin said the cyberattacks in Sweden and Poland are directed at systems controlling critical infrastructure with potentially serious consequences for society. The attacks show Russia is engaging in risky and careless behavior, he said. The attacks are among more than 150 incidents of sabotage and malign activity across Europe tracked by The Associated Press and linked to Russia by Western officials since Moscow’s full-scale invasion of Ukraine in February 2022. Officials say a goal of the attacks is to undermine support for Ukraine, spread fear and discord in European societies and drain investigative resources.Advertisement. Scroll to continue reading. The Kremlin has previously denied carrying out any kind of sabotage campaign across Europe. Danish officials in December said cyberattacks carried out by Russia in 2024 on a water utility left some houses without water, while in August, Norwegian police said pro-Russian hackers remotely opened a valve in a dam, allowing water to pour out. In March, Latvia’s State Security Service said a train and railway infrastructure were set on fire by people acting in Russia’s interests. Written By Associated Press More from Associated Press Trump Urges Extending Foreign Surveillance Program as Some Lawmakers Push for US Privacy ProtectionsShaky Ceasefire Unlikely to Stop Cyberattacks From Iran-Linked Hackers for LongHacked Hospitals, Hidden Spyware: Iran Conflict Shows How Digital Fight Is Ingrained in WarfarePro-Iranian Hacking Group Claims Credit for Hack of FBI Director Kash Patel’s Personal AccountPoland Faced a Surge in Cyberattacks in 2025, Including a Major Assault on the Energy SectorIran Built a Vast Camera Network to Control Dissent. Israel Turned It Into a Targeting Tool3 Men Charged With Conspiring to Smuggle US Artificial Intelligence to ChinaIran-Linked Hackers Take Aim at US and Other Targets, Raising Risk of Cyberattacks During War Latest News Exploited Vulnerability Exposes Nginx Servers to HackingCapsule Security Emerges From Stealth With $7 Million in Funding‘By Design’ Flaw in MCP Could Enable Widespread AI Supply Chain Attacks100 Chrome Extensions Steal User Data, Create BackdoorCISO Conversations: Ross McKerchar, CISO at SophosMirax RAT Targeting Android Users in EuropeTwo Vulnerabilities Patched in Ivanti Neurons for ITSM $10 Domain Could Have Handed Hackers 25k Endpoints, Including in OT and Gov Networks Trending Daily Briefing Newsletter Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts. Webinar: A Step-by-Step Approach to AI Governance April 28, 2026 With "Shadow AI" usage becoming prevalent in organizations, learn how to balance the need for rapid experimentation with the rigorous controls required for enterprise-grade deployment. Register Virtual Event: Threat Detection and Incident Response Summit May 20, 2026 Delve into big-picture strategies to reduce attack surfaces, improve patch management, conduct post-incident forensics, and tools and tricks needed in a modern organization. Register People on the MoveThe United States Department of War appointed David Vaughn as Technical Advisor for Data Infrastructure.Black Duck has named Dom Glavach as Chief Information Security Officer.Finite State has named Ann Miller as Vice President of Marketing.More People On The MoveExpert Insights The Hidden ROI of Visibility: Better Decisions, Better Behavior, Better Security Beyond monitoring and compliance, visibility acts as a powerful deterrent, shaping user behavior, improving collaboration, and enabling more accurate, data-driven security decisions. (Joshua Goldfarb) The New Rules of Engagement: Matching Agentic Attack Speed The cybersecurity response to AI-enabled nation-state threats cannot be incremental. It must be architectural. (Nadir Izrael) The Next Cybersecurity Crisis Isn’t Breaches—It’s Data You Can’t Trust Data integrity shouldn’t be seen only through the prism of a technical concern but also as a leadership issue. (Steve Durbin) Why Agentic AI Systems Need Better Governance – Lessons from OpenClaw Agentic AI platforms are shifting from passive recommendation tools to autonomous action-takers with real system access, (Etay Maor) The Human IOC: Why Security Professionals Struggle with Social Vetting Applying SOC-level rigor to the rumors, politics, and 'human intel' can make or break a security team. (Joshua Goldfarb) Flipboard Reddit Whatsapp Whatsapp Email

Entities