Pierluigi Paganini
April 16, 2026
Sweden has blamed a pro-Russian group linked to Russian intelligence for a failed cyberattack on a heating plant in 2025. Officials say the incident is part of a broader wave of attacks targeting critical infrastructure across Europe. Similar operations have been reported in Poland, affecting energy systems serving hundreds of thousands of people, raising concerns over escalating cyber threats tied to Russia.
Sweden has publicly confirmed for the first time a failed cyberattack on a heating plant in the west, according to Civil Defense Minister Carl-Oskar Bohlin. The Minister linked the incident to a wave of similar attacks that targeted Poland, where energy facilities serving 500,000 people were hit, with evidence pointing to Russian-linked hackers.
“The attacks are among more than 150 incidents of sabotage and malign activity across Europe tracked by The Associated Press and linked to Russia by Western officials since Moscow’s full-scale invasion of Ukraine in February 2022.” reported the report published by Associated Press. “Officials say a goal of the attacks is to undermine support for Ukraine, spread fear and discord in European societies and drain investigative resources.
Cyberattacks linked to Russia have increasingly targeted European countries and their critical infrastructure, often seen as retaliation for support to Ukraine. Energy grids, water systems, and transport networks have been disrupted or probed in coordinated campaigns. These operations combine cyber sabotage, espionage, and influence tactics, aiming to create instability and test resilience. While often limited in immediate impact, they signal a broader strategy of hybrid warfare, where digital attacks complement geopolitical pressure across Europe.
The Kremlin has denied any role in sabotage across Europe, despite multiple incidents blamed on pro-Russian actors. In 2024, cyberattacks in Denmark disrupted a water utility, leaving homes without supply. Norwegian authorities reported hackers remotely opening a dam valve, while Latvia linked arson attacks on rail infrastructure to individuals acting in Russia’s interests, highlighting a pattern of hybrid threats.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, Sweden)
