Sweden says pro-Russian cyber group tried to hit power plant, attack failed

A pro-Russian cyber group tried to disrupt operations at a thermal power plant in western Sweden last spring, but the attack failed because the facility’s defenses held and no serious consequences followed. The disclosure put one of the country’s energy assets at the center of a wider warning from Stockholm that Russia-linked hybrid attacks are growing more frequent and more dangerous.

Civil Defence Minister Carl-Oskar Bohlin said Sweden’s Security Police identified the actor behind the intrusion and traced links to Russian intelligence and security services. Authorities did not name the plant, but they said a built-in protection mechanism kept the incident from turning into a serious operational problem. The Security Police no longer has an open investigation, suggesting officials believe the immediate threat has been contained.

The episode matters because it shows how energy infrastructure remains a live target in the cyber conflict surrounding Europe. Bohlin compared the Swedish case with attacks in Poland that officials there have blamed on Russian spy agencies. He also warned that groups once associated mainly with denial-of-service attacks are now trying to move into destructive operations against businesses and critical infrastructure. That shift raises the risk from temporary outages and nuisance disruptions to potential physical damage, economic losses and broader public alarm.

For policymakers, the lesson is stark. Thermal plants, along with power transmission and fuel supply chains, are part of the backbone of civil defense, not just information technology. Sweden’s decision to disclose the attempt signals that even failed intrusions can reveal intent, technique and target selection. That makes public disclosure part of deterrence, allowing allies to see where hostile actors are probing and how far their capabilities may already have advanced.

The case also reinforces a broader European pattern. Energy systems have become a prime target for state-linked cyber activity as tensions with Russia continue over the war in Ukraine. Moscow routinely denies involvement in malicious cyber operations in Europe, but officials in Sweden and elsewhere are treating the threat as persistent and increasingly aggressive. The fact that one plant’s protections worked should not obscure the larger warning: the next attack may not fail, and the next target may not be so well prepared.