Russian-Linked Hackers Targeted Swedish Heating Plant in Spring 2025, Stockholm Reveals

Sweden’s Civil Defense Minister Carl-Oskar Bohlin announced Wednesday that a pro-Russian group tied to Russian intelligence and security services attempted a destructive cyberattack on a thermal power plant in western Sweden in spring 2025. The Swedish Security Service (SÄPO) identified the actor and said the attack failed because of a built-in protection mechanism.

“Fortunately, no serious consequences occurred due to a built-in protection mechanism,” Bohlin said at a press conference in Stockholm. “The Security Police handled the case and were able to identify the actor behind it, who had connections to Russian intelligence and security services,” he added.

“Pro-Russian groups that once carried out denial-of-service attacks are now attempting destructive cyberattacks against organizations in Europe, also against Swedish targets,” Bohlin said. He described the pattern as a shift toward “riskier and more reckless behavior.”

Pro-Russian hackers attempted to attack a heating plant in Sweden.

Swedish Civil Contingencies Minister Carl-Oskar Bohlin says that pro-Russian hackers attempted a cyberattack on the systems of a heating plant in western Sweden last year. Bohlin made the announcement at a press… pic.twitter.com/M2xI5cuhT6

— 𝕽𝖎𝖘𝖙𝖔 𝕾𝖚𝖔𝖒𝖊𝖑𝖆 🇫🇮🇺🇦 (@RistoSuomela) April 15, 2026

Bohlin cited Poland’s December 2025 energy infrastructure attack as a direct parallel, saying Norway and Denmark have faced similar pressure.

That day, coordinated wiper malware tools, DynoWiper and LazyWiper, struck more than 30 Polish wind and photovoltaic farms and a combined heat-and-power plant serving nearly 500,000 residents during freezing temperatures.

CERT Polska attributed the incident to a Russian government actor in a January 2026 report. Polish officials subsequently named Russia’s Federal Security Service (FSB).

Russian Ambassador to Stockholm Sergey Belyaev rejected the accusations as “unfounded suspicions” based on what he called the “highly likely” principle favored by Western countries. SÄPO confirmed it no longer holds an open investigation into the Swedish incident.

Western agencies this month separately exposed a campaign by the Fancy Bear hacking group, tied to Russia’s military intelligence agency (GRU), which used compromised Wi-Fi routers to extract credentials and sensitive communications from government and military networks across Europe and North America.