Top Polish government officials have been hit by a wide-ranging cyber attack carried out from Russian territory, Jaroslaw Kaczynski, the leader of Poland’s ruling Law and Justice (PiS) party, said on Friday in his first official statement on an email hacking incident earlier this month.
Poland’s deputy prime minister Jaroslaw Kaczynski said several private email accounts of Polish officials were searched from servers in the Russian Federation last week. At least 30 Polish MPs, government officials and journalists were affected by the attack, which began in September last year. An investigation by the Polish security services is under way and evidence of the violation is being collected.
The Polish government said that a recent wave of cyberattacks on local politicians’ email accounts came from Russia. The attacks targeted key Polish officials, ministers, and deputies from various political parties, said Poland’s deputy prime minister Jaroslaw Kaczynski, citing sources within Poland’s domestic intelligence and military counter-intelligence services. The announcement came after Michal Dworczyk, the head of the Polish Prime Minister’s Office, reported on June 9 that unknown attackers had cracked his email account.
In 2020, Russian and Chinese intelligence agencies targeted the European Medicines Agency to steal documents related to COVID-19 vaccines and drugs. Last week, someone hacked into Poland’s vaccination chief Michal Dworczyk’s private email account. Polish security services also announced that suspected Russian hackers had taken over the Polish Atomic Energy Agency and Ministry of Health websites, spreading false warnings about non-existent radioactive threats.
The Australian prime minister has announced that unnamed state actors have targeted companies and government agencies in Australia in a large-scale cyber attack. Hacking groups linked to unknown governments have targeted a number of Kurdish individuals in Turkey and Syria, coinciding with the start of the Turkish offensive in northeastern Syria. Ukraine’s state security service said it had thwarted a large-scale attack from Russian FSB hackers trying to gain access to classified government data.
In the past, similar activities have encouraged Russia to launch cyber attacks against Poland. After Russia’s annexation of Crimea in 2014, NATO Supreme Commander for Europe Philip Breedlove proposed the expansion of the alliance’s base in the Polish city of Szczecin. In May 2018 the Polish Defense Ministry announced plans to build a permanent U.S. military base in Poland.
British Prime Minister Theresa May accused Russia of threatening international order by trying to weaponize information and using state-run media organizations to spread fake news. May called for a Russian declaration by the end of March 2018. Poland does not aspire to NATO membership but has close military cooperation with Russia. In 2009, there were reports that Russian military exercises were simulating a nuclear attack on Poland. Concerns about foreign interference in the Swedish parliamentary elections of 2018 have been raised by Swedish security services and others, leading to various countermeasures.
DFRLab tried to find geopolitical data that could be used to validate the entire process of attributing this cyber attack to Russia. This was done by reviewing the Kremlin’s narrative about Poland and drawing parallels with previous cyber attacks on the country. Turkish actors have been associated with the “Focused Waterhole” campaign against Armenian officials and politicians and with the intrusion in the Austrian Foreign Ministry network.
The most notable of these campaigns took place in 2008, when malware infected the US government’s secret networks via infected removable media. Researchers linked the Moonlight Maze threat group’s activities to a massive breach of government classified information in the late 1990s, one of the first known cyber espionage campaigns in history. In recent operations, the group has targeted fingerprint systems and has made extensive efforts to gather as much information as possible in order to make provisions on targets of interest for further operations.
In 2020, five Russian diplomats and a technical assistant were expelled from Bulgaria for taking part in illegal intelligence operations. One of the six people, including an official from the Bulgarian Ministry of Defence suspected of collecting information for Russia, had dual Russian-Bulgarian nationality and acted as a contact person between them and the Russian Embassy.