Pierluigi Paganini
March 05, 2025
The Polish space agency POLSA was forced to disconnect its network from the internet in response to a cyberattack. The agency revealed that it has disconnected its infrastructure to contain the attack and secure data, a circumstance that suggests it was the victim of a ransomware attack.
“A cybersecurity incident has occurred at POLSA. The relevant services and institutions have been informed. An analysis of the situation is ongoing. To secure data after the breach, POLSA’s network was immediately disconnected from the internet. We will keep you updated.” reads a statement published by the agency on X.
W POLSA doszło do incydentu cyberbezpieczeństwa. Odpowiednie służby i instytucje zostały poinformowane. Trwa analiza zaistniałej sytuacji. W celu zabezpieczenia danych po włamaniu, sieć POLSA została natychmiast odłączona od Internetu. Będziemy Państwa informować na bieżąco.
— Polska Agencja Kosmiczna (@POLSA_GOV_PL) March 2, 2025
We cannot rule out an attack by a nation-state actor, especially Russia, given the country’s strategic support for Ukraine in the ongoing conflict. The potential use of a wiper or ransomware could have had various motivations, ranging from sabotage to a diversionary action. Polish critical infrastructure, and more generally Western infrastructure, remains particularly exposed to cyberattacks.
POLSA hasn’t published technical details about the attack.
“The state agencies responsible for cybersecurity have detected unauthorized access to the teleinformatics infrastructure of the Polish Space Agency.”
“As a result of the incident, the affected systems have been secured. CSIRT NASK, together with CSIRT MON, is supporting POLSA in efforts to restore the agency’s operational functionality.” Deputy Prime Minister of Poland Krzysztof Gawkowski wrote on X. “Intensive operational activities are also underway to identify the perpetrators behind the cyberattack. Further updates will be provided as the situation develops.”
W POLSA doszło do incydentu cyberbezpieczeństwa. Odpowiednie służby i instytucje zostały poinformowane. Trwa analiza zaistniałej sytuacji. W celu zabezpieczenia danych po włamaniu, sieć POLSA została natychmiast odłączona od Internetu. Będziemy Państwa informować na bieżąco.
— Polska Agencja Kosmiczna (@POLSA_GOV_PL) March 2, 2025
The agency notified regulators and authorities, and the investigation into the incident is still ongoing.
The Polish Space Agency (POLSA; Polish: Polska Agencja Kosmiczna, PAK) is the space agency of Poland, administered by the Ministry of Economic Development and Technology. It is a member of the European Space Agency. The agency is focused on developing satellite networks and space technologies in Poland. It was established on 26 September 2014, and its headquarters are located in Gdańsk, Poland.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, Poland)
