Polish Intelligence Warns of Rising Cyber Incursions Against Municipal Water Systems
Polish intelligence services have issued a somber warning regarding a succession of incursions targeting water treatment facilities, where, in several instances, adversaries successfully infiltrated industrial control systems. Such offensives rarely manifest with outward clamor, yet they possess the latent capacity to precipitously transform a digital incident into a systemic crisis for entire municipalities.
The Internal Security Agency of Poland (ABW) disclosed in its latest public report that throughout 2025, water purification plants in Jabłonna Lacka, Szczytno, Małdyty, Tolkmicko, and Sierakowo fell under siege. According to the agency, the assailants gained access to industrial control interfaces in multiple cases, empowering them to manipulate technical parameters, an act the ABW associates with a direct threat to the stability of the water supply.
While the Polish authorities have refrained from naming a specific syndicate, the report underscores that cyber threats against the nation have intensified markedly over the past two years, with critical infrastructure increasingly becoming a focal point for malevolent actors. Previously, the publication CyberDefence24 attributed certain incidents at these facilities to a hacktivist collective that disseminated video evidence of its intrusions. Data suggests that at one facility, the adversaries utilized administrative credentials to subvert settings pertaining to hydraulic pumps and alarm systems.
The ABW further elucidated an expansive reconnaissance campaign that likely preceded these assaults on military installations, critical infrastructure, and public institutions. The agency posits that such maneuvers elevate the risk not only for digital architectures but for the fundamental services upon which daily life depends. Polish authorities have documented other significant incidents, including a breach of the national railway’s communication network, a disruption within air traffic control systems, and the dissemination of a fraudulent report regarding military mobilization via the compromised PAP news agency. During the reporting period, the governmental incident response team received over 40,000 notifications of potential cyber incursions. Of particular concern are water supply entities where operator interfaces frequently lack the requisite authentication protocols.
Furthermore, the ABW highlighted a precipitous rise in espionage activities. In 2025, the agency opened forty-eight such investigations, a stark increase from the six recorded in 2022. The agency maintains that adversaries are transitioning from disparate online operatives to more structured networks intertwined with criminal organizations. Recruitment is facilitated through encrypted messaging platforms and cryptocurrency payments, with clandestine assignments often disguised as legitimate employment opportunities.
Poland is countering these threats through arrests, expulsions, and diplomatic maneuvers. Colonel Rafał Syrysko, head of the ABW, announced the agency’s intention to resume the regular publication of national security risk assessments. This current brief represents the ABW’s inaugural public disclosure of this nature since 2014.