On August 14, 2025, Poland narrowly avoided a potential disruption of water services in a major city after a cyberattack was detected and contained in time, Deputy Prime Minister and Minister of Digitalization Krzysztof Havkowski told Onet. He did not disclose the city or possible perpetrators but emphasized that Polish authorities intercept roughly 99% of cyber threats.
Poland at the frontline of hybrid attacks
The incident highlights Poland’s vulnerability due to its role as a logistics hub supporting Ukraine. Previous incidents include the 2024 hack of the Polish Press Agency (PAP) that circulated false mobilization reports, arson attacks in Warsaw linked to Russian operatives, and a March 2025 cyberattack on the Polish Space Agency’s IT systems. Collectively, these events suggest a consistent strategy by Moscow to target critical infrastructure.
Pattern of Russian operations
Analysts note a clear sequence in Russian tactics: initial disinformation campaigns are followed by targeted cyberattacks and physical sabotage. Poland’s 3 billion zloty investment in cybersecurity reflects lessons from past breaches and emphasizes the need to anticipate low-probability, high-impact scenarios. Even with a high interception rate, a single successful attack could disrupt essential services such as water or electricity.
Cyberattacks with real-world consequences
In April 2025, Norwegian authorities reported that Russian hackers temporarily seized control of a hydroelectric facility in Bremanger, releasing water without casualties due only to low reservoir levels. This case illustrates that Russian cyber operations increasingly target physical processes rather than solely information systems, posing direct risks to European infrastructure.
Parallel use of covert operatives
Alongside cyber operations, Russia has employed foreign nationals and mercenaries for arson and sabotage within the EU. Poland attributed the 2024 Marywilska 44 shopping center fire to Russian intelligence and reported a Colombian involved in multiple arson attacks on Moscow’s behalf. Such tactics are cost-effective yet amplify fear and destabilization.
Broader European context
European nations, including France, Germany, the UK, the Baltic states, Poland, and the Czech Republic, have documented a range of sabotage attempts—from warehouse fires to symbolic vandalism. Experts increasingly recognize these as components of a coordinated campaign aimed at intimidating populations and creating divisions among countries supporting Ukraine.
Strategic response and accountability
Official attribution of attacks strengthens responses. Norway and Poland have openly identified Russian involvement in cyber and physical incidents, prompting criminal investigations, arrests, expulsions, sanctions, and enhanced counterintelligence measures. Breaking the cycle of Russian sabotage requires combining legal accountability, targeted sanctions, and coordinated operations, complemented by EU-NATO collaboration on intelligence sharing, infrastructure stress-testing, and synchronized sanctions enforcement.
