Bremanger Dam Seizure (Norway, 2025)

Victim:

Bremanger Dam

Attacker/Malware:

Russian hacktivists (hands-on-keyboard)

Industry:

Energy

Estimated Cost:

Hackers remotely opened a floodgate, releasing water uncontrollably for four hours before detection.

Primary Attack Vector:

Weak Passwords on web-accessible control panel (likely default password)

Prevention Failure:

Weak Credentials

BlastWave Solution:

Network Cloaking

Kill Chain Analysis:

Seizure of Control to Sow Chaos

In April 2025, an attack attributed to Russia briefly seized control of the Bremanger Dam in Norway.

Hackers remotely accessed the dam’s web-accessible control system, exploiting a weak password to open a floodgate. Water discharged at 500 liters/second (~132 gallons/second) for ~4 hours, equivalent to ~3 Olympic-sized swimming pools (~7.2 million liters total).

While authorities noted no damage occurred, the intent was to sow fear and chaos by demonstrating unauthorized access to critical dam control systems. This attack vector relies on gaining control of supervisory systems through compromised credentials or exposed remote access points to OT systems.

BlastWave Prevention Analysis:

Network Cloaking

The key failure was unauthorized individuals discovering and gaining command of the web-accessible control plane. BlastWave’s Network Cloaking would ensure that this interface was not discoverable from the public internet.

If Passwordless remote access were added, even stolen credentials would not grant access to the HMI used by the hackers.

Take the Next Step

Reading about past failures is only useful if it changes future outcomes. If attackers can see your OT network, they can target it. If they can target it, compliance, safety, and uptime are already at risk.

BlastWave eliminates reconnaissance, initial access, and lateral movement — without agents, without downtime, and without changing IPs, protocols, or PLCs.
