State‑Linked Hackers Breach Poland’s Water Treatment Plants, Gaining Real‑Time Control of Critical Infrastructure
What Happened — In 2025 Poland’s Internal Security Agency (ABW) disclosed that Russian‑linked APT groups had infiltrated the industrial control systems (ICS) of five municipal water‑treatment facilities and gained the ability to change equipment settings in real time. The intrusions did not rely on any software vulnerability: they were enabled by weak password policies and by management interfaces exposed directly to the public Internet.
Why It Matters for TPRM —
- Basic OT hygiene failures can translate into sabotage of essential services, creating downstream supply‑chain risk for any vendor that depends on reliable water provision.
- State‑backed actors are actively targeting European critical infrastructure, raising geopolitical risk for third‑party contracts.
- Continuous monitoring and hardening of OT environments should be treated as baseline controls when assessing any vendor that operates or services public utilities.
Who Is Affected — Water utilities, municipal infrastructure operators, OT/ICS service providers, and downstream industries (food & beverage, pharmaceuticals, manufacturing) that rely on uninterrupted water supply.
Recommended Actions —
- Review all third‑party contracts involving water‑related services and verify that vendors implement robust OT security controls.
- Enforce strong, unique passwords and multi‑factor authentication on every OT management interface (HMI, PLC web consoles, remote‑access gateways); remove internet‑facing access unless it is absolutely required, and where it is required place it behind a VPN or jump host rather than directly on the Internet.
- Segment the OT network from corporate and Internet‑facing zones, deploy intrusion detection that understands OT protocols, and monitor continuously for both command‑and‑control traffic and anomalous control commands, such as setpoint writes from unexpected hosts or values outside normal operating ranges.
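The following is an added worked example, not part of the original brief or of any vendor’s product, showing what the monitoring recommended above looks like in practice. It runs a small rule set over constructed OT event records (the log format, the 10.20.0.0/24 and 10.20.1.0/24 engineering subnets, the tag names such as CL2_DOSE_MGL, and the safe bands are all assumptions for illustration) and flags the behaviours described in this incident: repeated failed logins against an exposed management interface, a successful login from outside the plant network, and setpoint writes (chemical dosing, pump speed) that come from an untrusted host or leave the operator‑defined safe band.

```python
"""Added example: detection rules for OT management and control events.

Not code from the original brief. All addresses, tag names, safe bands and
the key=value log format are constructed assumptions for illustration.
"""
import ipaddress
from collections import Counter
from dataclasses import dataclass

# Assumed plant addressing: only these subnets host the engineering
# workstations and SCADA servers that may legitimately log in to PLC/HMI
# management interfaces or write setpoints. Anything else is untrusted.
TRUSTED_NETS = [ipaddress.ip_network("10.20.0.0/24"),
                ipaddress.ip_network("10.20.1.0/24")]

# Assumed operator-defined safe bands per tag (hypothetical tag names).
# A write that leaves its band is flagged even when it comes from a trusted host.
SAFE_BANDS = {
    "CL2_DOSE_MGL": (0.5, 4.0),       # chlorine dose, mg/L
    "PUMP1_SPEED_PCT": (20.0, 90.0),  # pump speed, percent of maximum
    "VALVE3_POS_PCT": (0.0, 100.0),   # valve position, percent open
}

FAILED_LOGIN_THRESHOLD = 3  # failed logins from one source before alerting


@dataclass
class Alert:
    line_no: int
    rule: str
    detail: str


def is_trusted(addr: str) -> bool:
    """True if the address belongs to one of the assumed engineering subnets."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in TRUSTED_NETS)


def parse_event(line: str) -> dict:
    """Parse one 'key=value key=value ...' record (constructed log format)."""
    return dict(kv.split("=", 1) for kv in line.split())


def analyse(lines):
    """Return the alerts raised by the rule set over the given event lines."""
    alerts = []
    failures = Counter()  # failed logins seen per source address
    for n, line in enumerate(lines, 1):
        ev = parse_event(line)
        src = ev["src"]
        if ev["type"] == "auth":
            if ev["result"] == "fail":
                failures[src] += 1
                if failures[src] == FAILED_LOGIN_THRESHOLD:
                    alerts.append(Alert(n, "credential-guessing",
                                        f"{failures[src]} failed logins from {src}"))
            elif not is_trusted(src):
                alerts.append(Alert(n, "login-from-untrusted-network",
                                    f"user {ev['user']} logged in from {src}"))
        elif ev["type"] == "write":
            tag, value = ev["tag"], float(ev["value"])
            if not is_trusted(src):
                alerts.append(Alert(n, "write-from-untrusted-network",
                                    f"{src} wrote {tag}={value}"))
            band = SAFE_BANDS.get(tag)
            if band and not (band[0] <= value <= band[1]):
                alerts.append(Alert(n, "setpoint-out-of-band",
                                    f"{tag}={value} outside {band}"))
    return alerts


# Constructed sample: a password-guessing run against an internet-exposed HMI
# (203.0.113.45 is a documentation-range address standing in for a public one),
# a successful login, a chlorine-dose change well above the safe band, a pump
# speed change, then normal operator activity from inside the plant.
SAMPLE_EVENTS = [
    "ts=2025-08-18T02:11:03Z type=auth result=fail src=203.0.113.45 user=admin",
    "ts=2025-08-18T02:11:05Z type=auth result=fail src=203.0.113.45 user=admin",
    "ts=2025-08-18T02:11:07Z type=auth result=fail src=203.0.113.45 user=admin",
    "ts=2025-08-18T02:11:09Z type=auth result=ok src=203.0.113.45 user=admin",
    "ts=2025-08-18T02:12:40Z type=write src=203.0.113.45 tag=CL2_DOSE_MGL value=9.5",
    "ts=2025-08-18T02:13:02Z type=write src=203.0.113.45 tag=PUMP1_SPEED_PCT value=60",
    "ts=2025-08-18T06:00:00Z type=auth result=ok src=10.20.0.15 user=operator1",
    "ts=2025-08-18T06:01:10Z type=write src=10.20.0.15 tag=PUMP1_SPEED_PCT value=75",
]

if __name__ == "__main__":
    for a in analyse(SAMPLE_EVENTS):
        print(f"line {a.line_no}: {a.rule}: {a.detail}")
```

The source-based rules only work if the plant has a real allow‑list of hosts permitted to write to controllers, which is exactly what segmentation provides; the safe‑band rule is independent of that and still fires if an attacker reaches the controller from a compromised engineering workstation. In a real deployment the bands come from the process engineers, and the events come from an OT protocol sensor or the HMI audit log rather than from an embedded list.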
Technical Notes — Attack vector: weak passwords and exposed management interfaces (MISCONFIGURATION). No zero‑day exploits were reported; the access was obtained with credentials against interfaces that should never have been reachable from the Internet. Capability: real‑time alteration of pump, valve, and chemical dosing parameters, which is a direct sabotage capability against the treated water supply. Attribution as reported: Russian‑linked APT28 and APT29 and Belarus‑aligned UNC1151. Source: Security Affairs