Sweden Blames Russian Hackers for Attempted Destructive Cyberattack on Thermal Plant

What happened

Sweden said hackers with connections to Russian intelligence and security services attempted a destructive cyberattack against one of the country’s thermal power plants in early 2025. Swedish officials said the attack was unsuccessful because a built-in protection mechanism blocked it before disruption could occur. Civil Defense Minister Carl-Oskar Bohlin said the incident reflects riskier and more reckless behavior and warned that pro-Russian groups once focused on denial-of-service attacks are now attempting destructive operations against organizations in Europe. 

Who is affected

The direct target was one of Sweden’s thermal power plants, though officials did not publicly identify the facility by name. The broader concern extends to energy and other critical infrastructure operators facing increasingly aggressive attacks aimed at causing real-world disruption to essential services. 

Why CISOs should care

This matters because the incident involved an attempted destructive attack against energy infrastructure rather than a conventional disruption or data theft operation. It also adds to a wider pattern of recent attacks and attempted attacks against power, water, and heating-related systems in Europe, raising the operational stakes for critical infrastructure defenders. 

3 practical actions

1. Review built-in safety controls: Validate that protection mechanisms in industrial and energy environments can stop destructive actions even if attackers reach operational systems. 
2. Treat critical infrastructure as a live target: Reassess threat models for facilities providing heat, power, or water, especially where disruption could quickly affect the public. 
3. Plan for hybrid escalation: Prepare for cyber activity that may be part of a broader pressure campaign, since Swedish officials said hybrid attacks extending beyond cyberspace are becoming more dangerous. 

For more news about disruptive intrusions affecting critical infrastructure, click Cyberattack to read more.

John Kevin Hao

+ postsBio ⮌

John Kevin Hao is a news and feature writer covering cybersecurity, technology, and business targeted for professional audiences.

• John Kevin Hao

  CISO Diaries: Alessio Cipolletta on Security in Safety-Critical Aviation Environments
• John Kevin Hao

  FBI Warns of Kali365 Phishing-as-a-Service Platform After April Microsoft 365 Attacks
• John Kevin Hao

  Ukraine Probes Teen Suspect in Cyber Theft Scheme Targeting California Online Shoppers
• John Kevin Hao

  CISO Diaries: Jason Scanlon on Security Culture, Leadership, and the Human Side of Cybersecurity