The government of Poland claimed to observe a spike in cyberattacks by Russia-linked hackers in the country. It warned that several Russian-sponsored threat actors, especially the GhostWriter APT, have focused their attacks on Polish entities.

Intensified risks

On Poland's official site, the government stated that continuous cyberattacks are targeting state organizations, public domains, armament providers, strategic energy, and other critical organizations.
  • Poland’s CSIRT GOV Team has revealed details regarding the registration of phishing websites impersonating the government domain gov[.]pl.
  • The government further said that the Russian actors are targeting Poland allegedly due to its support for Ukraine against the Russian invasion.
  • Last month, a fake claim was made on a fake site about the President of Poland signing a decree on compensation for Polish residents.

According to the government, the state-sponsored hacking group GhostWriter, active since at least 2017, is among the top attacker groups targeting the country.

Attack campaigns by GhostWriter

  • The threat group targets official email accounts to steal information and take control of their social media accounts to propagate false information.
  • In a different type of phishing campaign, GhostWriter was seen leveraging phishing pages where potential victims are asked to pay a minimum verification fee.

Furthermore, there have been several recent cyberattacks against Poland’s infrastructure.

Recent attacks on Poland 

  • In October, IRIDIUM deployed a novel Prestige ransomware aimed at various logistics and transportation sectors in Ukraine and Poland.
  • Another attack campaign, linked to the pro-Russian hacktivist group NoName057(16), was a DDoS attack against Poland’s parliament website (sejm.gov.pl).

Conclusion

Poland's Prime Minister increased the cyber threat level to CHARLIE-CRP and introduced new measures, such as having a 24-hour roster in government offices and public administration organizations. Additionally, organizations should be ready with multiple layers of security to thwart such attacks.
Cyware Publisher