Poland warns of pro-Kremlin cyberattacks aimed at destabilization

Poland’s security agency said on Friday that the country has been a "constant target" of pro-Russian hackers since the start of the war between Russia and Ukraine.

The cyberattacks on Poland's government services, private companies, media organizations and ordinary citizens have intensified over the past year, it said. The country's strategic, energy, and military enterprises are particularly at risk, it added.

Polish cybersecurity officials said these attacks are Russia's response to Warsaw's support for Ukraine and an attempt to destabilize the situation in the country. “Through hostile operations in cyberspace, Russia wants to exert pressure on Poland, as a frontline country and a key Ukraine’s ally on the NATO eastern flank,” the agency said.

Since the start of Russia's invasion of Ukraine in late February, Poland has provided Ukraine with about $9 billion in aid. On Friday, for example, Poland sent the third batch of Starlink satellite internet terminals to Ukraine, which will allow Ukrainians to stay connected during the winter blackouts.

Poland is also a hub for Ukrainian refugees. About 2.3 million Ukrainians live in Poland, including almost one million refugees.

The close ties between the two countries has hit a nerve with some Russian hackers. Earlier in May, the pro-Kremlin hacker gang Killnet declared “war” against nations that allied with Ukraine, including Poland. In July, Killnet took down Poland’s key government websites.

In October, researchers from Microsoft discovered a coordinated ransomware campaign targeting the transportation and logistics sectors in Ukraine and Poland. These attacks were officially attributed to the Russia-based hacking group Iridium.

The November attack on the Polish parliament has been attributed to the pro-Russian group NoName057(16), Poland's security agency said on Friday. The group allegedly attacked the website after the Polish parliament designated Russia as a “state sponsor of terrorism.”

"Such incidents in cyberspace are retaliatory actions typical of Russia," Polish cybersecurity officials said. Russia uses cyberattacks, including ransomware, DDoS attacks, and phishing campaigns to respond to actions by other countries that are "unfavorable and inconvenient" for the Kremlin.

Pro-Russian cyberattacks have social, political, or financial implications, but their ultimate goals are "destabilization, intimidation, and chaos," according to the statement.

One of the tactics popular among Russian hackers is website impersonation. In early December, hackers registered a phishing website imitating a public service with the domain gov.pl. The purpose of this website, according to the country's cybersecurity officials, was to collect the personal data of Polish citizens and extort money.

Another goal of Russian cyberattacks is the spread of disinformation. During the Ghostwriter campaign, for example, hackers attacked the email addresses and social media accounts of public figures in Eastern European countries, mainly in Poland, in order to spread disinformation.

Get more insights with the
Recorded Future
Intelligence Cloud.
Learn more.
No previous article
No new articles
Daryna Antoniuk

Daryna Antoniuk

is a reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.