The National Centre for Nuclear Research (NCBJ) is Poland’s largest research institute focused on nuclear science and technology. It operates the country’s only nuclear research reactor, MARIA, and conducts research in nuclear and particle physics, reactor technology, radiopharmaceuticals for medical applications, and industrial and environmental applications.
NCBJ also supports Poland’s civilian nuclear power program, but it does not conduct any military-related activities. Poland does not have a nuclear weapons program.[1]
In a statement issued last week, the NCBJ said its IT infrastructure was recently targeted by hackers, but the attempt was thwarted and systems have not been compromised. “There was no disruption to any production, operational or research processes, and the MARIA reactor works safely and without interference, with full power,” reads a translation of a statement from Jakub Kupecki, the nuclear center’s director.
Deputy Prime Minister and Minister of Digital Affairs Krzysztof Gawkowski told news broadcaster TVN24+ that early indicators suggest Iran as the source of the hacking attempt. He cautioned, however, that the evidence might have been planted to mislead investigators and obscure the true origin.
The attack on Poland’s nuclear research center comes roughly two months after a threat actor targeted the country’s power grid. The power grid attack, attributed to a Russian group, did not result in any electrical outages, but did lead to permanent damage to some industrial control systems (ICS).
One of the most well-known Russian hacking groups that has historically targeted electric grids is known as "Sandworm" (also called Unit 74455 or Voodoo Bear). This group has been linked to multiple cyberattacks on energy infrastructure, including the 2015 and 2016 attacks on Ukraine's power grid, which caused significant outages. Sandworm is believed to operate under the Russian military intelligence agency (GRU) and is known for its sophisticated tactics targeting industrial control systems (ICS) and critical infrastructure. Other Russian-affiliated groups, such as "Energetic Bear" (also known as Dragonfly), have also been associated with cyber operations against energy sector targets.
For the recent attack on Poland’s power grid referenced in this report, a Russian group was attributed as the likely perpetrator, though the specific group was not named in the source reporting.
This article is shared at no charge for educational and informational purposes only.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. We provide indicators of compromise information (CTI) via a notification service (RedXray) or an analysis service (CTAC). For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@redskyalliance.com
Weekly Cyber Intelligence Briefings:
- Reporting: https://www.redskyalliance.org/
- Website: https://www.redskyalliance.com/
- LinkedIn: https://www.linkedin.com/company/64265941
REDSHORTS - Weekly Cyber Intelligence Briefings
https://register.gotowebinar.com/register/5207428251321676122
[1] https://www.securityweek.com/hack-attempt-reported-at-polands-nuclear-research-center/