Russian hackers have once again targeted a small hydropower plant in Poland, with the latest breach disrupting its control systems. It’s the second confirmed attack this year, following an earlier breach in May.
The power plant is located near Gdańsk, in the north of the country, and it was not difficult to trace who was behind it. The hackers themselves published a video showing how they managed to manipulate the plant’s interface.
Based on the video and technical details, it’s most likely that hackers attacked a small hydroelectric power plant in Tczew. Its turbine type, head, and installed power match the data seen in the attack footage.
Here’s how it happened. Once in the system, hackers were able to change operational parameters to their minimum or maximum values. This forced the generator and rotor – the part of the plant’s turbine that spins when water flows through it – to stop.
The turbine’s RPM (a measurement that shows how fast something, such as a turbine, is spinning) and power output started behaving in unusual and unlikely ways.
This data allowed Polish analysts to conclude that the hack had a real impact on plant operations by successfully causing disruption – it was not a simulation or a test. On the day of the attack, monitoring data showed rapid spikes in turbine speed and water level, along with periods of zero power output.
The same plant was also targeted in May, but hackers failed to gain full control. The plant was offline at the time, limiting the impact that the hackers could have. The latest attacks, which were likely to have happened on August 10th, mark the first time the cybercriminals have successfully interfered with the plant while it was fully operational.
As CyberDefence24 reports, attacks on Polish industrial automation systems are beginning to show consistent patterns. In just the last couple of months, hackers have launched attacks on water treatment plants in Szczytno, Sierakowo, Witków, and the sewage treatment plant in Kuźnica. Some swimming pools and fountains have also been targeted.
A cyberwar on power and influence
In an interview with The Times, Poland’s deputy PM Krzysztof Gawkowski said that the country is facing 300 cyberattacks from Russia every day – three times the number last year. Some are attempts to shut down the water network or power grids. However, Poland is not unique in this perspective, as according to the MP, Russia is targeting Western countries that openly declare their support for Ukraine in the ongoing war.
As Poland is a neighbour of Ukraine, the country’s border is the place where many war refugees escape from Ukraine. It’s also a bridge from where military supplies enter the country, making Poland a red flag to the angry bull from Moscow.
Neither Poland as Ukraine’s supporter, nor water facilities, are unique among Russian cyberattack targets on European countries.
For instance, in Norway, hackers manipulated dam valves. These mechanical devices control the flow of water through a dam or a hydropower plant. Workers can lift or close valves, regulating how much water is directed into turbines that then spin and generate electricity.
It was announced last week that Russia had organized the attack. The US and French water facilities have also been targeted.
Your email address will not be published. Required fields are markedmarked