Polish Hydropower Plant
Russian Hacktivists’ custom malware
Energy
Disrupted turbine controls, causing anomalous power output and water flow (no physical damage or outages occurred)
Likely unpatched VPN or SCADA interfaces; attackers used stolen credentials from earlier reconnaissance.
Weak Credentials, Lack of Segmentation
Network Cloaking

In August 2025, Russian hacktivists were reported to have disrupted operations at a Polish hydropower plant.
The initial breach of the Tczew plant’s control systems came in May 2025: attackers gained partial access but caused minimal disruption because the facility was offline for maintenance, resulting in no operational impact. In August 2025, hackers remotely manipulated the plant’s interface, targeting SCADA-like systems. Turbine RPM spiked erratically (e.g., sudden accelerations/decelerations), water levels fluctuated, and power output dropped to zero intermittently for ~30–60 minutes.
The Polish plant disruption falls into the category of direct, opportunistic attacks leveraging exposed ICS components. BlastWave Gateways placed in front of the plant’s control systems would deliver Network Cloaking.
The hackers would have been unable to discover or access the internet-facing PLCs or HMIs because the ports would be invisible to unauthorized network traffic, thwarting the attack’s initial access vector.
Reading about past failures is only useful if it changes future outcomes. If attackers can see your OT network, they can target it. If they can target it, compliance, safety, and uptime are already at risk.
BlastWave eliminates reconnaissance, initial access, and lateral movement — without agents, without downtime, and without changing IPs, protocols, or PLCs.