Cyberattack on Polish government officials linked to Russian hackers

Cyberattack on Polish government officials linked to Russian hackers
© Getty Images

A recent string of cyberattacks targeted at thousands of Polish email users, including government officials, have been linked by the Polish intelligence services to a Russian hacking group. 

“The findings of the Internal Security Agency and the Military Counterintelligence Service show that the UNC1151 group is behind the recent hacker attacks that hit Poland,” Stanisław Żaryn, a spokesperson for the Polish Minister Coordinator of Special Services, said in a translated statement Tuesday. 

“The secret services have reliable information at their disposal which [links] this group with the activities of the Russian secret services,” he said. 

ADVERTISEMENT

Żaryn noted that given past actions of the UNC1151 hacking group, Polish officials believed the attacks on Poland were part of a larger effort to destabilize Central European nations. 

Żaryn said that the recent attacks hit 4,000 Polish email users, more than 100 of whom were former and present members of the Polish national government, senators, local government officials and others. 

Among those targeted by the hackers was Michał Dworczyk, the chief of the Polish prime minister’s office. Żaryn said there were foreign logins used to access Dworczyk’s email, and several potential malicious phishing emails sent to the account. 

The Russian hackers also targeted those working for nongovernmental organizations and media groups. 

Żaryn said the Polish government notified member nations of NATO of the hacking incident last week. 

The attacks come as Russia is under increasing international pressure due to cyberattacks linked to both the government and cyber criminal groups operating from within the country. 

ADVERTISEMENT

U.S. intelligence agencies linked the Russian government to the SolarWinds hack earlier this year, which compromised nine federal agencies and 100 private sector organizations. 

Russian-speaking cyber criminal groups have also been linked to recent ransomware attacks on Colonial Pipeline and JBS USA, which significantly disrupted critical supply chains. 

President BidenJoe BidenHouse Republican calls second bout of COVID-19 'far more challenging' Conflicting school mask guidance sparks confusion Biden: Pathway to citizenship in reconciliation package 'remains to be seen' MORE imposed a sweeping set of sanctions on Russia in April in retaliation for the SolarWinds hack, and addressed his concerns around cybersecurity issues with Russian President Vladimir PutinVladimir Vladimirovich PutinFox News: 'Entirely unacceptable' for 'NSA to unmask Tucker Carlson' Overnight Defense: US launches another airstrike in Somalia | Amendment to expand Pentagon recusal period added to NDAA | No. 2 State Dept. official to lead nuclear talks with Russia No. 2 State Dept. official to lead nuclear talks with Russia next week MORE during their summit in Switzerland last week. 

The U.S. and other NATO member states endorsed a new cyber defense policy during the NATO summit in Brussels last week, which took steps to lay out how NATO would respond to a major cyberattack on a member. 

Biden told reporters at the summit that the new policy would “improve the collective ability to defend against counter-threats from state and nonstate actors against our networks and our critical infrastructure.”

“Our alliance can still prevail against the challenges of our time,” Biden said.