Sweden reports that hackers connected to the Russian state tried to carry out a destructive cyberattack on one of its thermal power plants. Officials say this marks a more dangerous stage in attacks on European infrastructure.
The Swedish government said the attempted disruption happened in early 2025 and was linked to people with ties to Russian intelligence and security services.
Sweden says the attack was blocked before damage was done
According to TechCrunch, Sweden’s minister of civil defense, Carl-Oskar Bohlin, said during a press conference that the targeted thermal plant was not named publicly, but the intrusion was stopped due to a built-in protection mechanism.
As per Politico, Bohlin said the case pointed to riskier and more reckless behavior by the attackers, suggesting the objective went beyond nuisance-level hacking and moved toward attempted real-world disruption.
This difference is important because Sweden is not talking about a simple website hack or data theft. The government described the event as an attempt to disrupt energy infrastructure.
In other words, the target was not just computer systems, but the actual operations of a facility that provides heat and power.
Swedish officials say the threat has evolved
Bohlin also used this incident to warn that Russian-linked cyber operations are changing.
He added that pro-Russian groups that once carried out denial-of-service attacks are now attempting destructive cyber attacks against organizations in Europe.
This is a serious shift, since denial-of-service attacks are usually temporary, but destructive attacks can damage physical systems or cause long-term problems.
The Swedish government’s view matches a trend that security officials across Europe are watching closely: cyberattacks are now targeting essential services, not just stealing information or spreading propaganda. By highlighting the attack on a thermal plant, Sweden is showing that energy infrastructure is now seen as a high-risk target.
Part of a wider pattern of infrastructure targeting
The Sweden incident in the context of other recent attacks linked to Russian hackers or suspected Russian groups. Russia was accused of trying to disrupt Poland’s power grid in December 2025.
Earlier that year, Russian hackers briefly took control of a dam in Norway, opening floodgates and spilling “millions of gallons of water” before being stopped. The report also mentioned a January 2024 cyberattack on a municipal energy company in Lviv, Ukraine, which left hundreds of apartments without heat for two days during freezing weather.
These examples are important because they explain why Swedish officials see the latest incident as more than just a single breach. In each case, the worry is not only about hacking, but also about possible effects on electricity, water, or heat.
These are services that, if disrupted, can quickly become public safety problems.
Russia has not responded publicly
A Russian government spokesperson did not reply to its request for comment.
This means Sweden’s version of events stands uncontested for now. However, since there is no public technical report, many details about how the attack happened, what malware was used, or which industrial systems were targeted have not been shared.
Even so, the political message from Stockholm is clear. Sweden is treating the attempted attack as evidence that hostile cyber activity tied to Russia is becoming more aggressive and more willing to target the systems behind essential services.
If that assessment holds, the failed attack on a thermal plant may be remembered less as a one-off incident than as another sign that Europe’s cyber conflict is moving closer to the infrastructure people rely on every day.
