A suspected pro-Russian hacker group attempted to disrupt operations at a thermal power plant in western Sweden last year, according to a Swedish defense official.

The attempted intrusion took place in the spring of 2025 but was unsuccessful because of the facility’s built-in security protections, Carl-Oskar Bohlin, Sweden’s minister for civil defense, said during a press conference in Stockholm on Wednesday. He did not name the targeted plant.

Sweden’s security service investigated the incident and identified the alleged perpetrators, who Bohlin said are believed to have links to Russian intelligence services.

The incident is consistent with other cyber activity targeting the energy sector across Europe. Bohlin said similar attempts have been recorded in neighboring Norway and Denmark, while Poland experienced a comparable attack on a much larger scale. 

European officials have increasingly warned that Russia-linked cyber operations are targeting critical infrastructure, particularly in countries supporting Ukraine.

According to Swedish officials, the operation reflects a shift in tactics by pro-Russian hacker groups, which previously focused primarily on denial-of-service attacks designed to temporarily knock websites offline.

“These groups that once carried out denial-of-service attacks are now attempting destructive cyberattacks against organizations in Europe,” Bohlin said.

The attempted intrusion targeted an operational technology (OT) system, the industrial software that controls physical infrastructure such as power plants, water facilities, and manufacturing equipment.

“If these systems are disrupted, destroyed, or remotely controlled by a threat actor, the consequences for society can be significant,” Bohlin said.Last year, Poland said its power grid had been targeted by the Russia-linked hacking group Sandworm in an attack that used data-wiping malware designed to destroy critical systems and potentially cut electricity to hundreds of thousands of people.

Ukraine has also reported persistent cyber operations against its energy sector, though officials say many recent intrusions appear focused on gathering intelligence that could support missile strikes rather than immediately disrupting power systems.

In a joint advisory last year, U.S. authorities warned that several Russian government-backed groups — including CyberArmyofRussia_Reborn and NoName057(16) — have been targeting Western infrastructure operators in sectors such as energy, water, and food production.