Sweden's government revealed on Wednesday that a pro-Russian cyber group attempted to disrupt a thermal power plant in western Sweden last year. The attack, which occurred in spring 2025, failed due to the facility's built-in security protections.

Civil Defence Minister Carl-Oskar Bohlin disclosed the incident during a press conference in Stockholm. He stated that Sweden's Security Police investigated the matter and identified the perpetrators, who have connections to Russian intelligence and security services. "The Security Police handled the case and were able to identify the actor behind it, who had connections to Russian intelligence and security services," Bohlin said.

Bohlin did not name the specific power plant or the hacker group. Reports indicate the target was likely a facility operated by Uniper, such as Öresundsverket in Malmö, though officials withheld confirmation. The minister highlighted a shift in tactics by pro-Russian actors, noting that groups previously focused on denial-of-service attacks are now pursuing destructive operations against European critical infrastructure. "These groups that once carried out denial-of-service attacks are now attempting destructive cyberattacks against organizations in Europe," he explained. He warned that disruptions to such systems could have significant societal consequences.

The announcement comes amid heightened concerns over Russian hybrid warfare in Europe, intensified since Moscow's 2022 invasion of Ukraine. Swedish officials linked the plot to a broader pattern of sabotage and cyberattacks targeting energy, transport, and other sectors. Over 150 such incidents have been tracked across the continent by Western authorities, aimed at eroding support for Ukraine, sowing discord, and straining resources.

Similar attacks have struck neighboring countries. In December 2025, Poland suffered coordinated cyberattacks on combined heat and power plants serving nearly 500,000 customers, as well as wind and solar farms; Warsaw blamed hackers directly tied to Russian services. Norway reported pro-Russian hackers remotely opening a dam valve in August, while Denmark faced assaults on a water utility in 2024. Latvia's railway infrastructure burned in March, attributed to actors serving Russian interests.

Bohlin compared Sweden's incident to Poland's, emphasizing the focus on operational technology systems that control physical infrastructure. He described Russia's behavior as increasingly risky and careless.

Russia's embassy in Stockholm denied involvement. Ambassador Sergey Belyaev called the claims "unfounded suspicions" based on the West's "highly likely" principle, according to RIA Novosti. The Kremlin has consistently rejected accusations of orchestrating sabotage campaigns in Europe.

Sweden, a NATO member since 2024, has bolstered defenses against such threats. The Security Police confirmed no ongoing investigation into the power plant case. Officials urged continued vigilance as Russian activities target Nordic energy systems and beyond.