On April 7, 2025, a small but symbolically significant dam in Bremanger, western Norway, became the latest flashpoint in a growing cyber conflict between Russia and its European neighbors. For four hours, the dam’s digital control system was under the grip of pro-Russian hackers, who remotely opened its floodgates and released torrents of water into the Riselva River. While no one was injured and no major damage was reported, the incident has sent ripples of concern throughout Norway and the wider European community, raising fresh questions about the security of critical infrastructure in an era of hybrid warfare.
According to the Norwegian Police Security Service (PST), the hackers managed to open the dam’s valves, releasing approximately 500 liters—about 132 gallons—of water per second. By the time operators regained control, more than 7.2 million liters (1.9 million gallons) had surged through the dam. As reported by NRK and other local media, the dam itself is used primarily for fishery purposes and is not directly connected to Norway’s power grid, but the event nonetheless highlighted vulnerabilities in a country where hydropower is the backbone of electricity production.
The attack was first officially attributed to pro-Russian actors on August 13, 2025, when Beate Gangås, head of Norway’s PST, spoke candidly about the breach at the Arendalsuka national forum. “They don’t necessarily aim to cause destruction, but to show what they are capable of,” Gangås said, as quoted by BleepingComputer. She further emphasized, “The purpose of these kinds of actions is to exert influence and create fear or unrest in the population.”
The hackers’ intent appears to have been more about flexing their digital muscles than inflicting actual physical harm. This was underscored by the publication of a three-minute video on Telegram the same day as the attack, showcasing the dam’s control panel. The video bore a watermark associated with a pro-Russian hacker collective—identified in some reports as Z-Alliance—who claimed responsibility for the breach. The group has previously boasted about infiltrating industrial control systems in other countries, according to Recorded Future News.
Norwegian authorities, including the National Criminal Investigation Service (Kripos), have since confirmed the authenticity of the video and its connection to the attack. Kripos noted that the group behind the hack “brought together several actors who commit crime in the cyber domain” and has been linked to other cyberattacks on Western businesses in recent years, as reported by Aftenposten.
Although the technical sophistication of the attack was described as modest, its symbolic impact was hard to ignore. Norway, as Europe’s largest supplier of gas and a major producer of hydropower, is a prime target for those seeking to disrupt Western energy security. Intelligence services in Oslo had already warned in February 2025 that Russia would likely continue subversive activities targeting Norway’s logistics and energy infrastructure. The dam incident, they said, was a clear example of this evolving threat landscape.
“Over the past year, we have seen a change in activity from pro-Russian cyber actors,” Gangås stated, adding, “Our Russian neighbor has become more dangerous.” Norway’s Intelligence Chief, Nils Andreas Stensønes, echoed these concerns, telling BleepingComputer that while Norway is not at war with Russia, President Vladimir Putin continues to maintain tension through hybrid attacks against the West, making Russia “the biggest threat that Norway faces currently.”
The Russian embassy in Oslo, however, has strongly rejected all allegations of involvement. In a statement to Reuters, embassy officials called the accusations “unfounded and politically motivated,” accusing Norway of inventing the threat to justify its own security policies. The embassy argued that such claims were part of a broader “hybrid war” waged by Norway and its Western allies against Russia—alongside arms supplies to Ukraine and economic sanctions. “It is obvious that the PST is unsuccessfully trying to substantiate the mythical threat of Russian sabotage against Norwegian infrastructure this year, which it itself invented in its February (annual) report,” the embassy said.
Despite the denials, the context for such cyberattacks is clear. Since the start of the war in Ukraine in 2022, more than 70 incidents involving cyberattacks and other pressures on European infrastructure have been recorded, much of it attributed to Russia or its proxies, according to NRK. Similar attacks have also been reported outside Norway: in April 2024, a Russian group claimed responsibility for a cyberattack on a water and wastewater treatment plant in Indiana, and another incident in Muleshoe, Texas, was also linked to Russian hackers.
For Norway, the incident at Bremanger has become a catalyst for renewed efforts to bolster cyber defenses. The government has called for increased cooperation between public agencies and private sector operators, regular training exercises, and closer information-sharing with European partners. The head of Norway’s counterintelligence, Beate Hangaas, stressed the importance of “raising the level of cyber security and expanding cooperation between government agencies and the private sector to stabilize water and energy supplies for countries in crisis conditions.”
The attack has also drawn attention to the broader phenomenon of “hybrid warfare”—a blend of cyberattacks, disinformation campaigns, and occasional physical sabotage designed to sow confusion and erode trust in Western institutions. As Britain’s MI6 chief Richard Moore remarked in September 2024, Russia has been waging a “staggeringly reckless campaign” of sabotage in Europe, aimed in part at scaring countries away from supporting Ukraine. Moscow, for its part, continues to deny any such intentions.
For ordinary Norwegians, the dam incident is a wake-up call. While the immediate physical impact was minimal—thanks in part to the river and reservoir being well below flood capacity—the psychological effect lingers. “I want Norwegians to be prepared,” Gangås told Reuters after her speech, highlighting the need for vigilance as digital threats continue to evolve.
As Europe reckons with the realities of modern conflict, the events at Bremanger serve as a stark reminder: in the age of cyberwar, even the quietest corners of the continent can become battlegrounds, and the lines between demonstration and destruction are increasingly blurred.