Sweden blames Russian hackers for attempted ‘destructive’ cyberattack on thermal power plant

Swedish authorities have accused Russian state-linked hackers of trying to launch a destructive cyberattack against a thermal power plant in early 2025. The attack ultimately failed, but officials warn that hybrid warfare tactics — blending digital intrusions with physical threats — are becoming more aggressive across Europe.

Carl-Oskar Bohlin, Sweden’s minister of civil defense, revealed the incident during a press conference on Wednesday. He attributed the attempted breach to hackers with ties to Russian intelligence and security services. While the plant was not named, Bohlin confirmed that the attack was thwarted by a built-in protection mechanism.

“Pro-Russian groups that once carried out denial-of-service attacks are now attempting destructive cyber attacks against organizations in Europe,” Bohlin said, as quoted by Bloomberg.

This case underscores a worrying shift: hackers no longer aim merely to disrupt websites or steal data. Instead, they are targeting critical infrastructure — energy grids, water systems, and industrial controls — with the goal of causing real-world damage.

How the Swedish thermal plant attack unfolded

According to Bohlin, the attempted intrusion occurred in early 2025. The hackers tried to compromise operational technology systems at the thermal plant, which generates heat and electricity for local communities. Fortunately, the plant’s safety systems blocked the attack before any physical damage or service disruption occurred.

Bohlin described the behavior as “riskier and more reckless” than previous cyber operations linked to Russia. He did not provide technical details, but cybersecurity experts note that targeting industrial control systems requires significant skill and preparation — and carries a high risk of unintended consequences.

“This is not a random script-kiddie operation,” said a senior European cybersecurity official who spoke on condition of anonymity. “These are state-backed actors with clear intent to cause harm.”

The Swedish government has not released evidence publicly, but the attribution aligns with patterns observed by intelligence agencies across NATO countries.

Rising wave of Russian-linked attacks on critical infrastructure

The Swedish incident fits a broader pattern of Russian-linked cyberattacks against energy and water infrastructure. In December 2024, Russia was accused of attempting to destabilize parts of Poland’s power grid. Earlier that year, hackers briefly hijacked a dam in Norway, opening floodgates that released millions of gallons of water before being expelled from the system.

In Ukraine, the impact has been even more direct. A cyberattack on a municipal energy company in Lviv in January 2024 left hundreds of apartments without heat for two days during freezing temperatures. Researchers found evidence pointing to Russian hackers, though attribution could not be fully confirmed.

These attacks echo the 2015 power grid blackout in Ukraine, which was widely attributed to Russian state-sponsored hackers. That incident cut electricity to hundreds of thousands of people and remains a benchmark for cyber-physical threats.

Hybrid warfare: blending digital and physical threats

Sweden’s civil defense minister emphasized that hybrid attacks — those that extend beyond cyberspace and into the physical world — are becoming more dangerous. The line between cyber espionage and sabotage is blurring, forcing governments to rethink their defense strategies.

“This is not just about data breaches anymore,” Bohlin said. “It is about protecting the systems that keep our society running.”

European nations are now investing heavily in cyber resilience for critical infrastructure. Sweden, for example, has strengthened its cyber defense capabilities and is working closely with NATO allies to share threat intelligence.

Russia’s response and international reaction

A spokesperson for the Russian government did not respond to requests for comment from TechCrunch. Moscow has consistently denied involvement in cyberattacks against Western targets, despite extensive evidence from intelligence agencies and cybersecurity firms.

Nevertheless, the Swedish attribution is likely to increase diplomatic pressure on Russia. The European Union has already imposed sanctions on individuals and entities linked to cyber operations against member states. Further sanctions could target Russian intelligence units responsible for industrial control system attacks.

In the meantime, cybersecurity experts urge critical infrastructure operators to implement robust segmentation, network monitoring, and offline safety mechanisms — the kind of protection that saved Sweden’s thermal plant.

What this means for the future of European security

The attempted attack on Sweden’s thermal plant is a stark reminder that no country is immune. As hybrid warfare tactics evolve, the risk of a successful destructive cyberattack on critical infrastructure remains high.

Governments must move beyond traditional cybersecurity and adopt a whole-of-society approach. This includes public-private partnerships, regular penetration testing, and public awareness campaigns. Protecting critical infrastructure is no longer just an IT issue — it is a national security priority.

“We are seeing a new era of conflict,” Bohlin warned. “One where a hacker in a basement can cause a power outage, a flood, or worse. We must be prepared.”

For now, Sweden’s thermal plant remains operational. But the question lingers: what happens next time the protection mechanism fails?