Polish government investigates Russia-linked cyberattack on state news agency

Pierluigi Paganini July 03, 2024

The Polish government is investigating a potential connection between Russia and a cyberattack on the country’s state news agency.

The Polish government is investigating a suspected link between Russia and the cyberattack on the country’s state news agency, the Polish Press Agency (PAP).

“The Polish Press Agency (PAP) has been hit by a cyberattack; all pertinent information regarding this critical incident is currently being provided to the relevant authorities,” PAP’s liquidator Marek Blonski and PAP’s editor-in-chief Wojciech Tumidalski wrote in a joint statement. “We are working to strengthen the security of all our systems and services,” Blonski and Tumidalski added. 

The attack on the Polish Press Agency (PAP) occurred in May and was aimed at spreading disinformation and destabilizing the country.

Authorities believe that a fake news report on Poland’s national news agency, claiming that Prime Minister Donald Tusk was mobilizing 200,000 men starting on July 1, was likely created by Russia-sponsored hackers. The attack appeared to be an attempt to interfere with the upcoming European Parliament election.

“Everything indicates that we are dealing with a cyberattack directed from the Russian side,” said Krzysztof Gawkowski, a deputy prime minister who also holds the digital affairs portfolio. “The goal is disinformation ahead of (European Parliament) elections and a paralysis of the society.”

Two fabricated reports about a partial mobilization in Poland starting on July 1, 2024, were released on the PAP service on a Friday afternoon. PAP clarified that it was not the source of these reports, and promptly annulled and withdrew them.

Polish authorities suspect that Russia carried out the attack. 

PAP CEO Marek Błoński condemned the attack.

“We are committed to clarifying the issue in collaboration with the appropriate state services,” Błoński said.

Polish media outlets, including Polskie Radio, have reported frequent targeting by Russian hackers, with Polish companies experiencing over 1,400 attacks weekly.

The Russian embassy in Warsaw told Reuters it had no knowledge of the incident and declined further comment.

In May, CERT Polska and CSIRT MON teams issued a warning about a large-scale malware campaign targeting Polish government institutions, allegedly orchestrated by the Russia-linked APT28 group.

The attribution of the attacks to the Russian APT is based on similarities with TTPs employed by APT28 in attacks against Ukrainian entities.

“the CERT Polska (CSIRT NASK) and CSIRT MON teams observed a large-scale malware campaign targeting Polish government institutions,” reads the alert. “Based on technical indicators and similarity to attacks described in the past (e.g. on Ukrainian entities), the campaign can be associated with the APT28 activity set, which is associated with Main Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU).”
