“在过去的一年里,俄罗斯的手段发生了转变,”瑞典民防大臣卡尔-奥斯卡·博林(Carl-Oskar Bohlin)周三表示。“曾经发动拒绝服务攻击的亲俄团体,现在正试图对欧洲的机构发动破坏性网络攻击。”
在斯德哥尔摩举行的新闻发布会上,博林宣布瑞典政府已得出结论,认为2025年对瑞典西部一家热电厂发动的网络攻击是由一个与俄罗斯安全和情报部门有联系的亲俄团体实施的。博林接着将这次攻击与2025年12月对波兰电网的攻击进行了对比。我们在斯德哥尔摩、华沙和华盛顿的专家就此接过了话题:
斯德哥尔摩——瑞典本周的声明标志着该国在公开界定来自俄罗斯威胁的方式上发生了重要转变。针对瑞典目标的网络入侵并非新鲜事,但瑞典当局首次公开将此类活动归咎于与俄罗斯安全和情报部门有关联的行为者,并将其与针对瑞典境内关键基础设施的未遂入侵联系起来。
在瑞典,反应是克制而严肃的,这一事件被视为系统性模式的一部分。官员们明确将其与去年12月波兰能源系统遭受的类似攻击联系起来,当时协调行动大规模地针对了热电供应,此外挪威和丹麦也遭受了类似攻击。由于防护系统发挥了作用,瑞典的案例并未造成重大中断,但这仍然代表了对北约成员国民用基础设施的影响尝试。
该事件还表明了俄罗斯战术的转变。行动正日益指向控制物理功能的运营技术(OT),增加了现实世界发生中断的可能性,特别是在能源领域,即使是有限的干扰也可能产生不成比例的社会影响。在超过150起破坏活动、网络攻击和影响……
“Over the past year, Russia’s methods have shifted,” Swedish Civil Defense Minister Carl-Oskar Bohlin said on Wednesday. “Pro-Russian groups that once carried out denial-of-service attacks are now attempting destructive cyberattacks against organizations in Europe.”
During his press conference in Stockholm, Bohlin announced that the Swedish government has concluded that a 2025 cyberattack on a heating plant in western Sweden was carried out by a pro-Russian group with links to Russian security and intelligence services. Bohlin went on to compare this attack to a December 2025 attack on Poland’s power grid. Our experts in Stockholm, Warsaw, and Washington take up the story from there:
STOCKHOLM—Sweden’s announcement this week marks an important shift in how the country publicly frames the threat from Russia. Cyber intrusions against Swedish targets are not new, but for the first time, Swedish authorities have openly attributed such activity to actors linked to Russian security and intelligence services, connecting it to an attempted intrusion into critical infrastructure on Swedish territory.
In Sweden, the reaction has been measured but serious, with the incident seen as part of a systematic pattern. Officials have explicitly linked it to similar attacks against energy systems in Poland in December, where coordinated operations targeted heat and power supply at scale, as well as in Norway and Denmark. The Swedish case caused no major disruption, as protective systems held, but it nevertheless represents an attempt to affect civilian infrastructure in a NATO member state.
The incident also points to a shift in Russian tactics. Operations are increasingly directed at operational technology controlling physical functions, raising the potential for real-world disruption, particularly in the energy sector, where even limited interference can generate disproportionate societal effects. Against the backdrop of more than 150 incidents of sabotage, cyberattacks, and influence operations linked to Russia across Europe since 2022, this reflects a more risk-acceptant approach within a sustained campaign to pressure European states supporting Ukraine, testing resilience, creating uncertainty, and demonstrating reach without triggering direct military confrontation.
This has accelerated a policy shift. Sweden and its regional partners are placing greater emphasis on civil preparedness, infrastructure protection, and public-private coordination, while deepening cooperation through NATO and the European Union. The broader conclusion is that such attacks form part of the same strategic continuum as Russia’s war against Ukraine, with Moscow probing how far it can go below the threshold of open conflict.
—Anna Wieslander
WARSAW— The incident in Sweden can be easily linked to events in Poland in December 2025. That month saw fewer incidents on average than the rest of the year—but it included one of the most serious operations against Polish critical infrastructure
