Pro-Russia cyberattacks aim at destabilizing Poland, security agency warns

Poland security agency warns pro-Russian hackers that are continuously targeting the state since the start of the invasion of Ukraine.

Since the beginning of the invasion of Ukraine, Poland has been a constant target of cyber attacks conducted by pro-Russian hackers, Poland’s security agency warns.

The attacks aimed at almost any entity in Poland, including government services, private organizations, media outlets.

“Both public administration domains and private companies, the media and ordinary users become the target of hacker attacks. Entities from strategic sectors, such as energy or armaments, are particularly at risk. Some of these hostile campaigns can be linked directly to the activities of pro-Russian hacking groups.” reads the alert published by the Polish Government.

According to the Polish intelligence, the attacks against the country are part of a response of the Kremlin to the Poland’s support provided to Ukraine. The security agency warns of an attempt to destabilise the situation in its country.

Poland is in a strategic position and is considered a key Ukraine’s ally, it continues to provide support to Ukrainian refugees aligned with NATO’s strategy.

In July, pro-Russia Killnet hacker crew hit multiple government resources in Poland including the Ministry of Foreign Affairs, Senate, Border Control and the Police.

In April, the same group claimed the responsibility for DDoS attacks on the sites of institutions in states such as the USA, Estonia, Poland, the Czech Republic, and also on NATO sites.

In October, Microsoft reported that a new strain of ransomware, tracked as Prestige ransomware, is being used in attacks aimed at transportation and logistics organizations in Ukraine and Poland.

Microsoft pointed out that this campaign was not connected to any of the 94 currently active ransomware activity groups that it is tracking.

The campaign shares victimology with recent operations conducted by Russia-linked threat actors, the IT giant attribute it to the Russia-linked Iridium APT.

The Poland’s security agency also reports the case of the November attack on the Polish parliament that was attributed to the pro-Russian group NoName057(16).

The attack was a response to the adoption by the Sejm of the Republic of Poland of a resolution designating Russia as a state sponsor of terrorism.

“Such incidents in cyberspace are retaliatory actions typical of Russia, which are a response to steps taken by other countries, that are unfavorable and inconvenient for the Russian Federation.” concludes the alert which also states that the Prime Minister has also introduced the third security alert CHARLIE-CRP related to the cybersecurity and responds to growing threats in cyberspace. “Hacker groups linked to the Kremlin use ransomware, dDos and phishing attacks, and the goal of hostile actions coincides with the goals of a hybrid attack: destabilization, intimidation and sowing chaos.“

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, information warfare)

[adrotate banner=”5″]

[adrotate banner=”13″]