Fortum Faces Daily Cyberattacks and Escalating Security Threats Amid Rising Tensions with Russia


Nordic utility giant Fortum is facing a growing number of cyberattacks, drone surveillance, and suspicious activities around its power assets in both Finland and Sweden. This was revealed by CEO Markus Rauramo, who highlighted that the utility company experiences daily cyberattack attempts and has called on authorities to investigate these incidents. The increase in malicious activities comes amid deteriorating relations between Finland, Sweden, and Russia, particularly after the two Nordic nations joined NATO in response to Russia’s invasion of Ukraine.

Daily Cyberattacks and Suspicious Activities

According to Rauramo, Fortum’s power assets, which include hydro, wind, solar, nuclear, and combined heat and power (CHP) plants, have been targeted by frequent cyberattack attempts and surveillance activities. These cyberattacks, aimed at compromising Fortum’s critical infrastructure, have occurred alongside incidents involving drones and unidentified individuals near Fortum’s operational sites. The company has reported these activities to Finnish and Swedish authorities, though details of ongoing investigations remain limited.

Fortum’s CEO noted that the company faces various forms of cybersecurity breach attempts daily and that it also experienced satellite connection disruptions earlier in the year. These disturbances could have significant implications for the company’s ability to monitor and manage its power generation and distribution assets.

In Sweden, Fortum is facing similar challenges, with malicious cyber activities and surveillance being reported across both countries’ energy sectors. As the CEO explained, Fortum has taken extensive precautions to counter these threats: it employs private security services, strict access controls, and reserve systems, and it participates in drills with national authorities to mitigate the impact of potential cyberattacks.

The Rising Geopolitical Threat from Russia

The cyberattacks targeting Fortum coincide with a broader geopolitical shift in the region. Finland and Sweden’s decision to join NATO in 2023, following Russia’s full-scale invasion of Ukraine, has significantly escalated tensions with Russia. Finland shares a long border with Russia, and the Kremlin has openly expressed its displeasure over Finland and Sweden’s NATO membership, threatening retaliatory actions.

According to Finland’s Security and Intelligence Service (Supo), Russia remains the principal threat to Finland’s national security. The deterioration of relations since 2022 has led to an increase in Russian cyberattacks and intelligence operations aimed at Finland’s critical infrastructure. In response, Finland has heightened its vigilance over potential threats to its power plants and other vital facilities.

Swedish authorities have echoed similar concerns. The Swedish Security Service (Sapo) has warned of an increase in Russian intelligence activities targeting Sweden, describing them as more opportunistic, aggressive, and risk-taking than in previous years. The rise in cyberattacks and surveillance operations is part of a broader pattern of hostile activities attributed to Russian state-sponsored actors across Europe, particularly against NATO and EU members.

Fortum’s Security Response and Mitigation Efforts

Fortum has responded to the rising threat landscape by implementing a comprehensive set of cybersecurity measures aimed at safeguarding its energy infrastructure. The utility company has deployed strict access control measures, enhanced private security services, and established backup systems to ensure continuity in the event of cyber disruption. Additionally, Fortum has coordinated with Finnish and Swedish authorities, engaging in cybersecurity drills to prepare for potential attacks and ensure a swift response.

Jari Stenius, Fortum’s head of security, confirmed that the frequency of incidents has increased but assured that the impact on operations has remained minimal. Stenius added that Fortum is continuously updating its defensive measures to stay ahead of cyber threats and ensure the integrity of its energy production and distribution systems.

The National Bureau of Investigation (KRP) in Finland is conducting investigations into several open cases involving suspicious activities near critical infrastructure, although details of these cases remain confidential. Similarly, Finland’s Supo and Swedish authorities declined to comment on specific cyberattacks but acknowledged the broader trend of increased Russian aggression targeting the region’s critical infrastructure.

Russia’s Broader Cyber and Intelligence Campaigns

The cyberattacks on Fortum are part of a broader strategy employed by Russian state-sponsored groups. Russian intelligence services and affiliated hacker groups, such as APT28 (Fancy Bear) and Sandworm, have a history of targeting critical infrastructure across Europe and North America. These groups have previously carried out destructive cyberattacks on power grids, financial institutions, and government agencies.

Russia’s increased cyber activities against Finland and Sweden are widely seen as retaliatory measures following their NATO accession. The Kremlin has consistently employed cyber warfare as a tool to disrupt, destabilize, and gather intelligence on perceived adversaries, especially those aligned with the Euro-Atlantic defense and security architecture. Additionally, Moscow has employed a mixture of cyber espionage, disinformation campaigns, and sabotage efforts in an attempt to undermine the national security and stability of neighboring nations.

In response to international sanctions, including the seizure of Fortum’s Russian energy assets worth $1.9 billion, Russia has intensified its hostile cyber activities. Western intelligence agencies have identified a growing number of cyberattacks, espionage operations, and other forms of covert actions targeting critical sectors in Europe, including the energy industry.

Broader Implications for Cybersecurity in the Energy Sector

The attacks on Fortum highlight the broader cybersecurity challenges faced by critical infrastructure providers across Europe. Energy utilities, in particular, are high-value targets for state-sponsored cyberattacks due to their crucial role in powering industries, homes, and essential services. Any disruption to these systems could have widespread consequences, affecting national security and economic stability.

To defend against these persistent cyber threats, energy companies like Fortum must continue investing in advanced cybersecurity solutions, including artificial intelligence (AI)-based threat detection, real-time monitoring, and network segmentation to minimize the impact of potential breaches. Moreover, collaboration between governments, law enforcement, and the private sector is crucial to mitigating cyber risks and ensuring the resilience of critical infrastructure.

Conclusion: Navigating an Evolving Threat Landscape

The daily cyberattacks and surveillance activities faced by Fortum reflect the ongoing cyber warfare between Russia and its Western adversaries. As the geopolitical tensions between Russia, Finland, and Sweden continue to escalate, critical infrastructure operators like Fortum will remain at the forefront of the cyber battlefield. The company’s proactive stance, combined with ongoing support from national authorities, positions it to mitigate the immediate risks of cyberattacks. However, the evolving nature of the threat landscape means that constant vigilance and continued investment in cyber resilience will be essential for ensuring the safety and stability of Europe’s energy supply.
