Sweden Blames Russian Hackers for Attempted Destructive Cyberattack on Thermal Plant

What happened

Sweden said hackers with connections to Russian intelligence and security services attempted a destructive cyberattack against one of the country’s thermal power plants in early 2025. Swedish officials said the attack was unsuccessful because a built-in protection mechanism blocked it before disruption could occur. Civil Defense Minister Carl-Oskar Bohlin said the incident reflects riskier and more reckless behavior and warned that pro-Russian groups once focused on denial-of-service attacks are now attempting destructive operations against organizations in Europe. 

Who is affected

The direct target was one of Sweden’s thermal power plants, though officials did not publicly identify the facility by name. The broader concern extends to energy and other critical infrastructure operators facing increasingly aggressive attacks aimed at causing real-world disruption to essential services. 

Why CISOs should care

This matters because the incident involved an attempted destructive attack against energy infrastructure rather than a conventional disruption or data theft operation. It also adds to a wider pattern of recent attacks and attempted attacks against power, water, and heating-related systems in Europe, raising the operational stakes for critical infrastructure defenders. 

3 practical actions

  1. Review built-in safety controls: Validate that protection mechanisms in industrial and energy environments can stop destructive actions even if attackers reach operational systems. 
  2. Treat critical infrastructure as a live target: Reassess threat models for facilities providing heat, power, or water, especially where disruption could quickly affect the public. 
  3. Plan for hybrid escalation: Prepare for cyber activity that may be part of a broader pressure campaign, since Swedish officials said hybrid attacks extending beyond cyberspace are becoming more dangerous. 
