European Power Grid Resilience and Security Challenges
A massive power outage affected Spain, Portugal, and parts of southwestern France, leaving tens of millions without electricity for hours due to cascading failures in the power generation and transmission systems. The incident, which was not caused by a cyberattack but by technical and operational failures, highlighted the fragility of interconnected European grids and raised concerns about the preparedness of critical infrastructure against both accidental and malicious disruptions. Experts noted that fragmented incident handling and lack of coordination among European operators exacerbate the risk of widespread outages, drawing parallels to past cyberattacks on power grids such as the 2015 Ukraine incident.
In response to increasing threats, industry analysts and regulators are urging grid operators to unify cybersecurity and physical security strategies. The convergence of operational technology (OT) and information technology (IT) has exposed critical infrastructure to a broader range of cyberthreats, including ransomware and malware, while physical attacks on grid assets have also surged in recent years. Surveys indicate that grid operators are equally concerned about cyber and physical risks, emphasizing the need for integrated security approaches to safeguard the reliability and resilience of power delivery systems.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
2 events from the most recent confirmed update back to the earliest known activity.
Red Eléctrica gives blackout audio records to police investigators
Nearly a year after a major blackout in Spain, Red Eléctrica provided its system audio records to police as part of an Audiencia Nacional investigation examining whether the incident involved a cyberattack. The disclosure followed controversy over leaked recordings and disputes with power companies seeking judicial access to the materials.
Reports highlight urgent push to strengthen Europe’s power grid security
Industry coverage described a growing effort to harden Europe’s electrical grids against cyberattacks and physical sabotage, emphasizing the convergence of cyber and physical security for grid operators. The references do not identify a single discrete triggering incident, patch, or official action beyond this broader security push.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
3 references tracked. Mallory keeps watching after this page renders.
Corredor se revuelve ante los audios que cuestionan la gesti�n de Red El�ctrica: "Terceras partes buscan deslegitimar los an�lisis oficiales" | Empresas
elmundo.es
Open sourceThe race to shore up Europe’s power grids against cyberattacks and sabotage
go.theregister.com
Open sourceLet's Get Physical: A New Convergence for Electrical Grid Security
darkreading.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Europe Warns of Rising Threats to Energy Grids and Undersea Infrastructure
European officials and industry reporting have highlighted a widening threat to critical infrastructure as cyber risks to electricity networks grow alongside military monitoring of subsea assets. An International Energy Agency assessment cited in Spanish reporting said cyberattacks on critical energy infrastructure rose 30% in 2023 to **420 million** globally, while attacks on energy service companies have quadrupled since 2020. Recent incidents include the 2022 satellite communications disruption that knocked **5,800 wind turbines** offline in Germany and breaches affecting more than 20 Danish energy companies. Authorities have also warned that compromised smart meters, solar inverters, and battery systems could be used to destabilize grid frequency or trigger broader outages. The concern extends beyond direct hacking to supply-chain and geopolitical exposure tied to digitally connected clean-energy equipment and other strategic infrastructure. European and U.S. authorities reviewed communications modules in imported solar and battery systems, while Lithuania moved to block remote access by Chinese suppliers to solar, wind, and storage control platforms. Separately, the UK said British and Norwegian forces carried out a month-long operation to track a Russian attack submarine and two GUGI-linked spy submarines near North Atlantic cables and pipelines, underscoring fears that hostile states could target the seabed networks that carry **99% of international telecommunications traffic** and support a major share of regional energy supplies.
Apr 9, 2026
Cybersecurity Risks and Threats to Aging Critical Infrastructure and Renewable Energy Systems
Critical infrastructure worldwide, including power grids, water systems, and transportation networks, is increasingly vulnerable due to aging hardware and outdated cybersecurity measures. Many of these systems, built between the 1950s and 1970s, were never designed for the hyperconnected digital environment of today, leaving them exposed to both physical decay and cyber threats. In the United States, nearly 70% of the power grid is over 25 years old, and similar conditions exist in Europe, with a significant portion of bridges and other infrastructure in need of repair. As operators modernize these systems with digital controls and cloud-based monitoring, new attack surfaces emerge, such as legacy interfaces, unpatched software, and unsupported protocols, which can be exploited by threat actors. The interconnectedness of these systems means that a single vulnerability, such as an infected maintenance laptop or a misconfigured firewall, can have cascading effects across multiple sectors. The adoption of digital twins and shared data platforms is helping operators predict failures and coordinate responses, but the risk remains high. The rapid growth of renewable energy, particularly solar power, has introduced additional cybersecurity challenges. Solar inverters, aggregators, and control software have become attractive targets for cybercriminals, as demonstrated by real-world incidents where hackers exploited default credentials and known software flaws to hijack remote monitoring devices. The FBI has issued alerts about threats to renewable energy systems, and experts warn that tampering with connected infrastructures, including EV charging networks, could lead to widespread blackouts. The transition to renewables is outpacing the implementation of robust cybersecurity measures, making the sector a potential weak link in national energy resilience. High-profile attacks, such as the hijacking of 800 monitoring devices in Japan using a Mirai botnet-linked vulnerability, highlight the global nature of the threat. Hacktivist groups have also targeted solar monitoring systems, further exposing the sector's vulnerabilities. The integration of renewables into the grid, often outside the direct control of traditional operators, complicates efforts to secure the entire energy ecosystem. As the share of renewables in power generation is projected to rise significantly by 2030, the urgency to address these cybersecurity gaps is growing. Experts emphasize the need for proactive monitoring, regular updates, and coordinated information sharing between engineers and security teams to mitigate risks. The resilience of critical infrastructure now depends not only on physical maintenance but also on the ability to anticipate and defend against sophisticated cyber threats targeting both legacy and emerging technologies.
Mar 21, 2026
Rising Risk of State-Linked Attacks on Power Grids and Operational Technology
Reporting highlighted growing concern that **state-affiliated and state-linked actors** are positioning for disruptive attacks against **operational technology (OT)** and critical infrastructure, with activity that may be difficult for operators to detect. A Codific analysis described five common pathways seen in disruptive grid-focused intrusions—often beginning with **human error or exposed perimeter services**, then escalating through **credential theft**, **remote access exploitation** (e.g., VPNs/gateways), **ransomware**, and misuse of **legitimate industrial commands** that can delay operations and complicate detection and recovery; it also warned that attacks on virtualized environments can hinder restoration efforts and that cascading impacts could be severe (e.g., Lloyd’s “Business Blackout” scenario estimating losses up to **$1T**). Recommended mitigations emphasized proven controls such as **phishing-resistant MFA** and **IT/OT segmentation**, rather than novel defenses. Separate commentary and media content also pointed to OT becoming a frontline in geopolitical escalation, including claims of a coordinated campaign tied to Iran-linked hacktivist activity targeting OT devices such as **Unitronics PLCs** used in water and industrial facilities, alongside psychological operations and SMS spoofing. Other items in the set were leadership/career/podcast-style content without specific incident or vulnerability detail and do not materially add to the OT/power-grid threat reporting.
Mar 21, 2026