We reported that recently that Russian Hackers Seize Control of Norwegian Dam in April 2025. Now the Norwegian security in reporting that a recent cyberattack in Norway, attributed to the same pro-Russian group that remotely opened a dam earlier this year, made headlines after being covered by Aftenposten and other media. Here is what has been confirmed:
- Incident Details: In April 2025, pro-Russian hackers compromised the digital control system of the Bremanger dam in western Norway. They remotely opened the floodgates, releasing approximately 500 litres (132 gallons) of water per second for around four hours before the attack was detected and halted. In total, more than 7.2million litres (1.9million gallons) flooded into the local river. The dam is used primarily for fish farming, not power generation, and fortunately the reservoir was below flood levels, so there were no injuries or major damage.
- Claim of Responsibility & Evidence: The attackers posted a three-minute video on Telegram, showing the dam’s control panel with a watermark linked to a known pro-Russian cybercriminal group. Norwegian police (Kripos) and intelligence services (PST) confirmed this group combines several actors involved in Western cyberattacks and noted its intention was likely to demonstrate capability rather than cause outright destruction.
- Official Response: Norwegian Police Security Service head Beate Gangås openly attributed the attack to Moscow-linked actors at the annual Arendalsuka forum, marking the first formal public accusation. She emphasized that such incidents are intended to instil fear, spark unrest, and showcase vulnerability in Norwegian infrastructure. While the attack didn’t harm anyone, it highlighted ongoing concerns about the security of Norway’s energy and critical infrastructure amid increasing hybrid threats from Russia.
- Russian Response: The Russian embassy in Oslo dismissed the Norwegian accusations as “unfounded and politically motivated”.
- Pattern of Attacks: This incident is part of a wider shift, with Norwegian officials noting an increase in coordinated pro-Russian cyber operations against Western infrastructure over the past year. It follows earlier attacks, such as denial-of-service operations against Norwegian state services.
In summary, the new incident making headlines is the official revelation and detailed attribution surrounding the pro-Russian cyberattack on the Bremanger dam in April 2025, involving the remote opening of floodgates, a public claim of responsibility by the group, and ongoing concerns about the threat to Norwegian infrastructure from Russian-sponsored cyber activity.