The Polish government is warning of an upsurge in cyberattacks from Russia-linked hackers, including the state-sponsored hacking group known as GhostWriter.

In an announcement on Poland’s official website, the government says hostile cyber activities have intensified, targeting public domains and state organizations, strategic energy and weapons suppliers and other crucial entities.

Poles believe that Russian hackers are targeting their country because of the continued support they have provided to Ukraine in the ongoing military conflict with Russia.

Recent cyberattacks

The first case highlighted by the Polish government post is a DDoS (distributed denial of service) attack on the parliament’s website (“sejm.gov.pl”), attributed to so-called pro-Russian hacktivists NoName057(16 ).

The attack happened the day after parliament passed a resolution recognizing Russia as a state sponsor of terrorism, rendering the website inaccessible to the public.

Another notable incident mentioned in the announcement is a phishing attack attributed to the “GhostWriter” group, which the European Union has linked to the GRU, the Russian military intelligence service. Cybersecurity firm Mandiant has also linked the hacking group to the Belarusian government.

According to the Poles, Russian hackers have created websites that impersonate the government domain gov.pl, promoting bogus financial compensation for Polish residents allegedly supported by EU funds.

By clicking the embedded button to learn more about the program, victims are directed to a phishing site where they are asked to pay a small fee for verification.

“More and more often, cyberattacks are used to spread Russian disinformation and to serve Russian special services to collect vulnerable data and information,” explained the Polish government.

“The operation that is achieved by using these two methods simultaneously is the GhostWriter campaign.”

GhostWriter has been active since at least 2017, previously observed posing as journalists from Lithuania, Latvia and Poland, in order to spread false information and anti-NATO narratives to local audiences.

The announcement warns that GhostWriter has recently focused on Poland, attempting to breach email accounts to collect information and taking over social media accounts to spread false information.

In response to the growing cyber threats, the Prime Minister of Poland has increased the cyber security threat level at “CHARLIE-CRP”, introducing various measures such as maintaining a 24-hour list at designated offices and organizations in the public administration.