Polish space agency investigates cyberattack on its systems

Poland’s space agency (POLSA) announced on Sunday it had suffered a cyberattack and is currently investigating the incident.

In response to the attack, the agency said it disconnected its network from the internet, and as of Monday its website remained inaccessible.

Poland’s digital minister, Krzysztof Gawkowski, confirmed that state cybersecurity services had detected unauthorized access to POLSA’s IT infrastructure and had secured the affected systems. Cyber specialists are now working to identify the attackers behind the breach, he added.

Authorities have not disclosed whether the attack was carried out by ransomware groups or politically motivated hackers. They have also not provided further details about how the hackers infiltrated the system.

POLSA is the government agency responsible for Poland's space activities. The agency is a member of the European Space Agency (ESA) and oversees the country’s contributions to space exploration and satellite technology.

In January, Gawkowski said that Poland’s cyber space is the most frequently targeted in the European Union. He attributed most of the incidents to Russia.

Poland has become a prime target for pro-Russian hackers due to its military support for Ukraine and its role as a host for Ukrainian refugees. In September, Gawkowski reported that cyberattacks on Poland had doubled since 2023, with over 400,000 incidents recorded in the first half of last year.

To strengthen its defenses, Poland announced a $760 million investment in cybersecurity in June.

Space agencies like POLSA can be attractive targets for hackers as they often collaborate with military and intelligence agencies. A potential breach — whether by financially or politically motivated hackers — could expose sensitive defense-related information, satellite operations, or classified research, endangering national security.

Among recent examples of cyber incidents targeting space agencies is the attack on Japan’s JAXA. The agency has suffered multiple cyber incidents since 2016, when it was among 200 Japanese companies and research institutes allegedly targeted by Chinese military hackers. In 2023, unknown hackers reportedly targeted the agency’s network server, possibly to gain access to its general business operations. This may have led to breaches of communications between the agency and external organizations with which it has confidentiality agreements, such as Toyota.