A suspected pro-Russian hacker group attempted to disrupt operations at a thermal power plant in western Sweden last year, according to a Swedish defense official.
Sweden’s minister for civil defense, Carl-Oskar Bohlin, announced during a press conference in Stockholm on Wednesday that the intrusion took place in the spring of 2025. The attempt failed due to the facility’s built-in security protections, according to therecord.media.
Bohlin did not name the specific plant targeted in the attack. However, he confirmed that Sweden’s security service investigated the incident and identified perpetrators believed to have links to Russian intelligence services.
Shift toward destructive tactics
The incident follows a pattern of cyber activity targeting the energy sector across Europe. Bohlin noted that similar attempts have been recorded in neighboring Norway and Denmark, while Poland recently faced a much larger-scale attack.
Swedish officials believe the operation signals a change in strategy for pro-Russian hacker groups. These groups previously focused on denial-of-service attacks to knock websites offline, but are now moving toward more dangerous methods.
“These groups that once carried out denial-of-service attacks are now attempting destructive cyberattacks against organizations in Europe,” Bohlin said, as reported by therecord.media.
The intrusion specifically targeted operational technology (OT) systems. These industrial software layers control physical infrastructure like power plants, water facilities, and manufacturing equipment.
“If these systems are disrupted, destroyed, or remotely controlled by a threat actor, the consequences for society can be significant,” Bohlin said.
This escalation mirrors recent events in Poland, where the Russia-linked group Sandworm used data-wiping malware to target the power grid. That attack threatened to cut electricity to hundreds of thousands of people.
Ukraine has also faced persistent cyber operations against its energy sector. While many recent intrusions focus on intelligence gathering to support missile strikes, the threat of physical disruption remains high.
U.S. authorities issued a joint advisory last year warning that Russian government-backed groups, including CyberArmyofRussia_Reborn and NoName057(16), are targeting Western infrastructure in the energy, water, and food production sectors.
