“Over the past year, Russia’s methods have shifted,” Swedish Civil Defense Minister Carl-Oskar Bohlin said on Wednesday. “Pro-Russian groups that once carried out denial-of-service attacks are now attempting destructive cyberattacks against organizations in Europe.”
During his press conference in Stockholm, Bohlin announced that the Swedish government has concluded that a 2025 cyberattack on a heating plant in western Sweden was carried out by a pro-Russian group with links to Russian security and intelligence services. Bohlin went on to compare this attack to a December 2025 attack on Poland’s power grid. Our experts in Stockholm, Warsaw, and Washington take up the story from there:
STOCKHOLM—Sweden’s announcement this week marks an important shift in how the country publicly frames the threat from Russia. Cyber intrusions against Swedish targets are not new, but for the first time, Swedish authorities have openly attributed such activity to actors linked to Russian security and intelligence services, connecting it to an attempted intrusion into critical infrastructure on Swedish territory.
In Sweden, the reaction has been measured but serious, with the incident seen as part of a systematic pattern. Officials have explicitly linked it to similar attacks against energy systems in Poland in December, where coordinated operations targeted heat and power supply at scale, as well as in Norway and Denmark. The Swedish case caused no major disruption, as protective systems held, but it nevertheless represents an attempt to affect civilian infrastructure in a NATO member state.
The incident also points to a shift in Russian tactics. Operations are increasingly directed at operational technology controlling physical functions, raising the potential for real-world disruption, particularly in the energy sector, where even limited interference can generate disproportionate societal effects. Against the backdrop of more than 150 incidents of sabotage, cyberattacks, and influence operations linked to Russia across Europe since 2022, this reflects a more risk-acceptant approach within a sustained campaign to pressure European states supporting Ukraine, testing resilience, creating uncertainty, and demonstrating reach without triggering direct military confrontation.
This has accelerated a policy shift. Sweden and its regional partners are placing greater emphasis on civil preparedness, infrastructure protection, and public-private coordination, while deepening cooperation through NATO and the European Union. The broader conclusion is that such attacks form part of the same strategic continuum as Russia’s war against Ukraine, with Moscow probing how far it can go below the threshold of open conflict.
—Anna Wieslander
WARSAW— The incident in Sweden can be easily linked to events in Poland in December 2025. That month saw fewer incidents on average than the rest of the year—but it included one of the most serious operations against Polish critical infrastructure