Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Poland. Show all posts
Sandworm
Cyber Attacks Cyberattacks DynoWiper Energy Grid Poland Russian APT44 Sandworm

Sandworm Hackers Fail in DynoWiper Attack on Poland's Power Grid

 

A recently disclosed cyberattack against Poland’s energy infrastructure has been linked to the Russian state-backed hacking group Sandworm, highlighting the persistent threat facing Europe’s critical sectors. The incident occurred between December 29 and 30, 2025, and reportedly targeted elements of the country’s power grid, including combined heat and power plants and systems managing electricity from renewable sources such as wind and solar. Although the attackers attempted to deploy a new destructive data wiper known as DynoWiper, Polish authorities say the operation ultimately failed to cause large-scale disruption.

Sandworm, also tracked as UAC-0113, APT44, and Seashell Blizzard, has a long history of conducting disruptive and destructive cyber operations aligned with Russian strategic interests. Active since at least 2009 and believed to be part of Russia’s GRU Military Unit 74455, the group is infamous for past campaigns, including an attack on Ukraine’s energy grid roughly a decade ago that temporarily cut power to about 230,000 people. The latest activity in Poland fits a broader pattern of Sandworm’s focus on critical infrastructure, particularly in countries supporting Ukraine or opposing Russian policies.

In the Polish case, security firm ESET linked Sandworm to the attack and identified the destructive malware used as DynoWiper, a previously unknown data-wiping tool. Data wipers are designed to iterate through a filesystem and delete or corrupt files, rendering the operating system unusable and forcing victims to rebuild systems from backups or perform complete reinstalls. ESET says DynoWiper is detected as Win32/KillFiles.NMO and has a specific SHA-1 hash, though no public samples have yet appeared on common malware analysis platforms such as VirusTotal or Any.Run.

Polish officials reported that the attackers focused on two combined heat and power plants, as well as a management system responsible for controlling energy generated from wind turbines and photovoltaic farms. Prime Minister Donald Tusk stated that “everything indicates” the operation was carried out by groups directly linked to Russian services, underscoring the political and geopolitical context surrounding the intrusion. While authorities did not provide detailed information on the extent of the compromise or the attackers’ dwell time, they emphasized that the attempt to cause destructive impact was thwarted.

Despite the failed outcome, cybersecurity experts warn that the incident should serve as a serious wake-up call for defenders across Europe. Team Cymru’s Senior Threat Intel Advisor Will Thomas has urged security teams to review Microsoft’s February 2025 report on Sandworm to better understand the group’s tactics, techniques, and procedures. With Sandworm also tied to destructive wiper attacks on Ukraine’s education, government, and grain sectors in mid and late 2025, the Polish incident reinforces the need for robust backups, network segmentation, and proactive threat hunting in all critical infrastructure environments.
Read more »
Russia
Aerospace Cyber Attacks Europe Poland Russia

Poland’s Space Agency Investigates Cyberattack, Works On Security Measures

 



Poland’s space agency, POLSA, has reported a cyberattack on its systems, prompting an ongoing investigation. In response to the breach, the agency quickly disconnected its network from the internet to prevent further damage. As of Monday, its official website was still offline.  


Government and Cybersecurity Teams Take Action

Poland’s Minister of Digital Affairs, Krzysztof Gawkowski, confirmed that cybersecurity experts detected unauthorized access to POLSA’s systems. Security specialists have since secured the affected infrastructure and are now working to determine who was behind the attack. However, officials have not yet shared whether the hackers were financially motivated cybercriminals or politically driven groups. The method used to infiltrate the agency’s network also remains undisclosed.  


Why Hackers Target Space Agencies

Organizations involved in space research and technology are often appealing targets for cybercriminals. Many of these agencies collaborate with defense and intelligence sectors, making them vulnerable to attacks that could expose confidential projects, satellite communications, and security-related data. A cyberattack on such an agency could disrupt critical operations, leak classified research, or even interfere with national security.  


Poland Faces a Surge in Cyberattacks

Poland has become one of the most frequently targeted countries in the European Union when it comes to cyber threats. Earlier this year, Gawkowski stated that the country experiences more cyber incidents than any other EU nation, with most attacks believed to be linked to Russian actors. Poland’s strong support for Ukraine, both in military assistance and humanitarian aid, has likely contributed to this rise in cyber threats.  

The number of cyberattacks against Poland has increased drastically in recent years. Reports indicate that attacks doubled in 2023 compared to previous years, with over 400,000 cybersecurity incidents recorded in just the first half of the year. In response, the Polish government introduced a cybersecurity initiative in June, allocating $760 million to strengthen the country’s digital defenses.  


Other Space Agencies Have Also Been Targeted

This is not the first time a space agency has fallen victim to cyberattacks. Japan’s space agency, JAXA, has faced multiple breaches in the past. In 2016, reports suggested that JAXA was among 200 Japanese organizations targeted by suspected Chinese military hackers. In 2023, unknown attackers infiltrated the agency’s network, raising concerns that sensitive communications with private companies, such as Toyota, may have been exposed.  

As space technology continues to advance, protecting space agencies from cyber threats has become more crucial than ever. These organizations handle valuable and often classified information, making them prime targets for espionage, sabotage, and financial cybercrime. If hackers manage to breach their systems, the consequences could be severe, ranging from stolen research data to disruptions in satellite operations and defense communications.  

POLSA’s ongoing investigation will likely uncover more details about the cyberattack in the coming weeks. For now, the incident highlights the increasing need for governments and space organizations to invest in stronger cybersecurity measures to protect critical infrastructure.

Read more »
Russia cyber threats
Cyber Attacks EU Media Media Industry NATO Poland Poland CyberSecurity Russia cyber threats

Polish State Media Targeted in Alleged Russian-Backed Cyberattack

 

In a concerning development on May 31, the Polish Press Agency (PAP), a state-run media outlet, was targeted in a cyberattack that authorities have attributed to Russian-backed operatives. This incident adds to a growing list of cyber aggression linked to Russian intelligence services, which have previously been accused of targeting Ukraine and various Western nations. 

The European Union (EU) and NATO recently condemned Russia's "malicious cyber campaign" against Germany and Czechia earlier in May, highlighting the persistent threat posed by such activities. On the morning of the attack, PAP's website displayed false messages claiming that Polish Prime Minister Donald Tusk had ordered a "partial mobilization" to begin on July 1. The swift identification of this disinformation was crucial. Deputy Prime Minister Krzysztof Gawkowski promptly declared the message as "false" and confirmed that an investigation was underway. 

He noted, "Everything points to a cyberattack and planned disinformation!" This immediate response was vital in preventing the spread of the false information. Jacek Dobrzynski, spokesperson for the Polish security service, also indicated that the attack was a "probable Russian cyberattack." Gawkowski elaborated on the intent behind the cyber operation, suggesting that it aimed to spread "disinformation before the upcoming EU parliamentary elections" and to "paralyze society." 

The false message was detected within two minutes, and Gawkowski commended the media for accurately labeling it as disinformation, thus preventing further dissemination. Gawkowski's remarks reflect a broader sentiment of heightened vigilance in Poland and across the EU regarding cyber threats. He emphasized that Poland is in a "cold war" with Russia, a stance that underscores the pervasive impact of Russian cyber activities on EU countries. 

This sentiment has been echoed by other European leaders who have called for stronger cyber defenses and increased international cooperation to counter such threats. The incident underscores the ongoing cyber conflict between Russia and Western nations, highlighting the need for robust cybersecurity measures. The EU and NATO's condemnation of Russia's cyber activities against Germany and Czechia earlier in May further illustrates the widespread nature of these threats. Poland's response to the cyberattack on PAP demonstrates the importance of rapid identification and response to disinformation campaigns. 

Gawkowski assured that Prime Minister Tusk was informed of the incident immediately, showcasing the high level of alertness among Polish authorities. As cyber threats continue to evolve, the international community must remain vigilant and proactive in defending against such attacks. This incident serves as a reminder of the critical importance of cybersecurity in safeguarding national security and public trust.
Read more »
West
America CNN Cyber Security CyberWar Government Information Security Poland Russia Ukraine US West

The United States and the West are Afraid of Possible Cyber Attacks by Russian Hackers

 

According to CNN, the FBI has warned American businessmen about the growth of possible cyberattacks using ransomware by Russian hackers against the background of sanctions that US President Joe Biden imposed against Russia in connection with the situation around Ukraine. 

Earlier, Jen Easterly, head of the U.S. Agency for Cybersecurity and Infrastructure Protection, said that Russia might consider taking measures that could affect critical U.S. infrastructure in response to U.S. sanctions. She urged all organizations to familiarize themselves with the steps the agency has developed to mitigate cybersecurity risks. In addition, David Ring, head of cybersecurity at the FBI, said that Russia is allegedly a favorable environment for cybercriminals, which will not become less against the background of the confrontation between Russia and the West over the situation around Ukraine. According to CNN, briefings on such topics have been held by the FBI and the Department of Homeland Security for the past two months. 

It is important to note that Polish Prime Minister Mateusz Morawiecki decided to introduce a special high-level security regime for telecommunications and information technology in the country. 

On February 21, he signed a decree introducing the third level of the Charlie– CRP warning throughout the country. This level is introduced if there is an event confirming the probable purpose of a terrorist attack in cyberspace or if there is reliable information about a planned event. 

The Polish Law on Anti-terrorist actions provides that in the event of a terrorist attack or its threat, the head of government may introduce one of four threat levels: Alfa, Bravo, Charlie, and Delta. The highest level, Delta, can be announced if a terrorist attack occurs or incoming information indicates its high probability in Poland. 

Similar levels marked with CRP relate to threats in cyberspace. They are introduced to strengthen the control of the security level of information systems in order to monitor the possible occurrence of violations in their work. 

The Russian Federation has repeatedly rejected the accusations of Western countries in cyberattacks, calling them unfounded, and also stated that it is ready to cooperate on cybersecurity. 

Earlier, CySecurity News reported that CNN reported citing US administration sources that representatives of the White House, US intelligence, the US Department of Homeland Security (DHS), and other agencies have discussed preparations to repel cyber attacks that could be carried out in the United States and Ukraine.
Read more »
Poland Cyber Security
Cyber Attacks Cyber War Poland Poland Cyber Security

Polish Authorities Says Recent Hacker Attacks Connected with Special Services of The Russian Federation

On Tuesday, a spokesman for the minister coordinating Poland's intelligence services said the hacking attacks in the republic two weeks ago could allegedly be linked to Russian intelligence services.

According to the report, "the list of targets of the social engineering attack conducted by the hacker group UNC1151 included at least 4,350 email addresses belonging to Polish citizens or operating on Polish email services. The intelligence services have information indicating links between the aggressors with the activities of the Russian special services".

Moreover, the list of 4,350 hacked addresses includes more than 100 accounts used by persons performing state functions, such as members of the former and current government, deputies, senators, and local authorities.

"The list also included an email used by Minister Michal Dworczyk. The services responsible for cyber security recorded several unauthorized accesses to the mailbox used by Minister Dworczyk," the press service said in a statement.

Western countries have repeatedly made claims that Russia is involved in various cyber attacks, including against US government agencies and companies. The Russian side has consistently denied these accusations. In particular, Russian presidential spokesman Dmitry Peskov said earlier that Moscow is not involved in these hacker attacks. According to him, "any accusations of Russia's involvement are absolutely unfounded and are rather a continuation of Russophobia."

On June 9, the head of the office of the head of the Polish government, responsible for the implementation of the National Vaccination Program, Michal Dworczyk, said that he was attacked by hackers. E-mail and social media pages belonging to him and his wife were hacked. 

Read more »
Poland Cyber Security
Cyber Security Poland Poland Cyber Security

The Polish Prime Minister asked the Sejm to hold a closed meeting on cyber attacks

 The lower house of the bicameral parliament of Poland (Sejm) will hold a closed session on hacking attacks against representatives of the country's authorities on Wednesday. This was announced on Tuesday at a briefing by the official representative of the Government of the republic, Peter Muller.

"The Prime Minister [Mateusz Morawiecki] asked the Speaker of the Sejm, Elzbieta Witek, to organize a meeting of the chamber in closed mode, so that the government could inform about the cyber attacks that were aimed at Poland," he informed, stressing that during the meeting, the deputies will be acquainted with the classified data.

"Recently, we have been the target of an unprecedented cyber attack aimed at Poland, at Polish institutions, at individual email users," said Muller.

Witek has already confirmed that a closed meeting on the topic of cyber attacks will be held on Wednesday. "We will listen to the Prime Minister's explanations and information," she informed journalists.

On June 9, the head of the office of the head of the Polish government, responsible for the implementation of the National Vaccination Program, Michal Dvorczyk, said that he was attacked by hackers. E-mail and social media pages belonging to him and his wife were hacked. In a statement, the politician suggested that Russian-speaking hackers were involved in the attack, as the information was published in the Russian social network Telegram. The incident is being investigated by the Polish special services and the prosecutor's office.

On Tuesday, Radoslaw Vogel, deputy press secretary of the Poland's ruling conservative Law and Justice (PiS), said that"today someone made an attempt to get data from parliamentary emails." "Anyone can be under threat, there is a constant arms race in matters of online security," he wrote on Twitter.

In addition, on June 11, the UK accused Russia of aiding cyberattacks and called on the G7 to unanimously oppose such acts.

Read more »
Poland Cyber Security
Cyber Attacks Lithuania Cyber Security Poland Poland Cyber Security

Polish authorities got hacked for the sake of a fake allegation of nuclear waste leakage from Lithuania

Two Polish government websites were hacked to spread false information about a nuclear waste "leak" in neighboring Lithuania.

The incident took place on Wednesday. False information about a non-existent radioactive threat was published on the websites of the Polish National Atomic Energy Agency and the Polish Ministry of Health. In addition, the Twitter account of a journalist who "often writes about Russia and Eastern European countries" was hacked. His page was used to further spread misinformation.

The false statement said that the health and lives of Poles living near the Lithuanian border were in danger. However, the reports did not seem to get much attention.

Polish Security Service spokesman Stanislav Zarin said that "the whole story looked like a typical Russian attempt" to sow suspicion and discord among Western allies.

Zarin said he remembered a similar hacking attempt in 2020 that spread false information about a nonexistent radioactive cloud headed for Poland from Chernobyl in Ukraine.

In February, the Lithuanian Foreign Ministry drew attention to the recent intensification of information and cyber attacks aimed at damaging friendly Lithuanian-Polish relations and "blackmailing the Lithuanian and Polish peoples.

Official Vilnius and other Western countries regularly accuse the Russian side of "cyber attacks" without any evidence or concrete facts. Often Lithuanian politicians hint at the involvement of "Russian hackers" or that they were carried out by "unfriendly countries," although no evidence has been found.

As Russian authorities and experts have repeatedly noted, Moscow has no reason to attack Lithuania or other NATO countries, either real or virtual. Russia rejects all the accusations, noting that they are completely unfounded.

Read more »
Russian Cyber Security
Data Breach Poland Poland Cyber Security Russia Russian Cyber Security

Russian explained why hackers steal personal data of CD Projekt RED employees

 Hackers have broken into the Polish development studio CD Projekt RED, the authors of the sensational game Cyberpunk 2077, and threaten to publish the source codes of the video games, as well as the personal data of the company's employees. Moreover, the attackers have already fulfilled the first part of the promise: the source code of several games of the Polish studio has appeared in the public domain. It is likely that cybercriminals will also reveal the personal data of employees. Alexey Kubarev, Head of the Solar Dozor Business Development Group at Rostelecom-Solar, spoke about why hackers hunt for such information and how they use it.

"The main goal of hackers is to profit from the spread of malicious attacks and fraud. Personal data can be both an end goal - it can be sold, and an intermediate goal - it can be used for the implementation of attacks," explained Kubarev.

According to the specialist, the most demanded information in the cybercriminal world is personal data related to the financial sector, for example, the bank's customer base.

The expert claims that fraudsters buy personal data on the Darknet. "There, the databases are placed by hackers, either who hacked the resource with the database, or received it from insiders."

Attackers figure out the employees they are interested in and, in various ways, make them provide either data or technical access to it.

According to Kubarev, a person cannot influence the protection of personal data that he provides to companies, since the companies that process them are responsible for the security of data.

"So, you should be careful about any letters and websites that require you to enter data about yourself and check whether they really belong to the official domain of the company. In addition, attackers can use social media to collect information, so it would be better to minimize the information with personal data in your accounts or restrict public access to them, if possible," concluded he.

Read more »
Subscribe to: Comments (Atom)