Russia intensifying cyberattacks on Poland

More and more Russian cyberattacks against government bodies, aimed to destabilize the country, are recorded in Poland’s cyberspace.

Stanisław Żaryn, the representative of the Polish government for the protection of the information space, noted, that this is Russia's response to the country’s consistent aid to Ukraine, Ukrinform reports with reference to Poland’s government website.

Since the Russian invasion of Ukraine, Poland has been a constant target of Kremlin's hybrid efforts, including cyberattacks.

"Hostile activity in cyberspace against Poland has intensified recently. This is a consequence of our active participation in helping Ukraine, which is fighting (against the aggressor - ed.), as well as our determination to strengthen support for Kyiv in the international arena. Through hostile actions in cyberspace, Russia wants to put pressure on Poland as a front-line country and a key ally of Ukraine on NATO's eastern flank," Żaryn emphasized.

According to the official, cyberattacks target state administration networks, as well as private companies, mass media, and ordinary users. Enterprises in strategic industries, such as energy or defense, are in the zone of special risk.

Żaryn reported that some hostile actions this year could be directly linked to the activities of pro-Russian hacker groups. In particular, hackers were exposed over attacking the official page of the Sejm in December when the government cyber security watchdog, CSIRT GOV, discovered issues with the access to the parliament’s website of (Sejm.gov.pl).

"Analysis of the data showed that the access denial to the site was the result of an attack by the pro-Russian group NoName057(16). One of the targets designated by the group on Telegram was the website of our parliament," said the spokesman.

Read also: Hundreds of Russian cyberattacks on CHPPs, regional power plants prevented - SBU

He added that this attack was a response to the adoption by the Sejm of Poland of a resolution recognizing Russia as a state sponsor of terrorism.

Żaryn noted that such incidents in cyberspace are typical of Russia's response to steps by other countries that Russia deems unfavorable or inconvenient. He said Kremlin-linked hacker groups launch dDos, phishing and ransomware attacks to destabilize, intimidate, and wreak havoc.

In addition, Russian hackers use fake websites to pursue aggressive action. For example, in early December, the CSIRT GOV Poland team received information about a phishing website impersonating the government platform Gov.pl. From the content of the fake website, it appeared that the President of Poland had allegedly signed a decree on the payment of compensation to Polish residents financed from European funds. Through the "I'd like to know" link, the hackers tried to obtain users' personal data before redirecting them to a phishing payment card page under the guise of charging a fee for confirming EU compensation. The Homeland Security Agency has blocked the malign effort.

"This is a typical operation aimed at sowing chaos, devaluing the state, as well as collecting personal data and committing financial extortion," emphasized the Commissioner.

Żaryn also said that cyberattacks are increasingly being used to spread Russian disinformation and obtain data and confidential information by Russian intelligence. He added that the operation performed simultaneously by these two methods is referred to as GhostWriter. It involves attacks on email addresses and accounts in social networks of public figures from Central and Eastern European countries, mainly from Poland. He emphasized that perpetrators are trying to seize control of information platforms for spreading Russian disinformation. In recent months, this operation has focused on Poland.

The government official said that in order to counter these threats in cyberspace, the third level of alert, Charlie-CRP, has been introduced in Poland.