The Norwegian counterintelligence accused pro-Russian hackers of cyberattacking a dam in Bremanger on the western coast of the country. The incidental occurred on April 7, 2025.
The perpetrators obtained distant access to the valve control strategy and manipulated the flow for about 4 hours, expanding it to 500 litres per second. Although there was no harm or threat to residents, the services considered it a serious act of sabotage of critical infrastructure.
The attack touched a dam serving a fish farm, not a hydroelectric power plant, as was initially suspected. However, the event was considered possibly dangerous, especially as the safety strategy proved weak, which enabled hackers to enter the control panel. Shortly after the incident, a video of a panel featuring the logo of a pro-Russian cybercrime group appeared on the Internet. It was this video that provided key evidence to the services and confirmed that the attack was deliberate.
The chief of the Norwegian counterintelligence Beate Gangås stated that this action falls within the wider context of Russia's hybrid war. This is not about destroying objects, but about causing anxiety and showing that the West is not safe. specified actions are a tool of intellectual and political force – they are designed to disorganize, weaken assurance in the institution and social network.
According to Norwegian services, this is the first case in Europe to officially delegate cyberattacks to Russian water infrastructure groups. Importantly, Norway is peculiarly exposed to specified risks, due to its distributed hydro-energy systems and the importance of the water industry. Since 2022 more than 70 incidents have been recorded across Europe, which have been marked by sabotage or cyber attacks, frequently attributed to pro-Russian groups.
These attacks are becoming increasingly sophisticated and more hard to detect. It is no longer just about disrupting systems, but about spreading uncertainty over the long term. Russian hacker groups are increasingly exploiting weaknesses in the infrastructure of NATO countries, investigating the consequence of authorities and defence capabilities. Bremanger was most likely a test goal — easy but symbolic enough.
The Norwegian services have decided to publically disclose details of the attack not only for information reasons but besides as a informing to another countries. Cyberspace has ceased to be a domain of only computer scientists — it has become a field of real conflict for influence, stability, and national security. In the face of increasing geopolitical tensions, specified incidents will be only more, and effective infrastructure protection will become a key component in the safety policy of each developed state.
