Russian hackers have moved from reading systems to breaking them. Sweden’s civil defense minister Carl-Oskar Bohlin said Wednesday that hackers with ties to Russian intelligence attempted a destructive cyberattack on a Swedish thermal power plant in early 2025. The attack failed — blocked by a built-in protection mechanism — but the intent marks a clear escalation.
“Pro-Russian groups that once carried out denial-of-service attacks are now attempting destructive cyber attacks against organizations in Europe,” Bohlin said, as quoted by Bloomberg.
The distinction matters. Denial-of-service attacks flood servers with traffic — annoying, disruptive, but temporary. Destructive attacks aim to damage or disable physical infrastructure. A thermal plant offline in a Swedish winter isn’t an inconvenience. It’s a crisis.
Bohlin did not name the facility but described the incident as evidence of “riskier and more reckless behavior” by Russian-linked hackers. The Russian government did not respond to a request for comment from TechCrunch.
This is not an isolated incident. Russia was accused of attempting to bring down parts of Poland’s power grid in December 2025. Earlier that year, Russian hackers briefly hijacked a dam in Norway, opening floodgates and spilling millions of gallons of water before being expelled. A 2024 cyberattack on a municipal energy company in Lviv, Ukraine left hundreds of apartments without heat for two days during freezing temperatures. Researchers said some evidence pointed to hackers operating from Russia, but the attribution could not be confirmed.
The pattern is clear: critical infrastructure across Europe — power grids, dams, heating systems — is being actively tested by actors willing to cause real-world harm. Sweden’s decision to publicly describe the attack as “destructive” is itself significant. NATO members have been reluctant to name specific incidents in such direct terms, partly because doing so demands a response.
For a military alliance built on collective defense, the question is sharp: at what point does a cyberattack on civilian infrastructure become an armed attack? Sweden just made that question harder to avoid.