Poland’s security services reported that they had broken up an alleged cyber sabotage group linked to Russia and Belarus that had attempted to “paralyze” the country through cyberattacks. The group, whose members were not publicly identified, extorted information from Polish local government agencies and state companies related to military and security matters, Poland’s Minister of Digital Affairs, Krzysztof Gawkowski, said during a press briefing on 10 September 2024. He referred to the group’s activities, which included blackmail, as “de facto cyberwar.”[1]
The group was allegedly responsible for the attack on Poland’s anti-doping agency, POLADA. Earlier in August 2024, the agency reported that hackers “supported by the services of a hostile state” were suspected of leaking over 50,000 confidential files, including medical records and testing histories of Polish athletes, from POLADA. At that time, Beregini, which describes itself on Telegram as a “Ukrainian hacker group,” claimed responsibility for the attack, stating that it was a response to the Olympic Games being “turned into a political oppression instrument.”
Beregini has previously been observed working in coordination with other pro-Russian groups to share fake documents and spread false information about Ukraine’s war plans. Russia is known for using hacktivist groups to disguise the work of its intelligence services and complicate attribution. Gawkowski said that the attack on POLADA was part of “a broader operational game” conducted by the dismantled group and was likely aimed at gaining access to other Polish institutions later.
According to Gawkowski, the goal of the sabotage group’s attacks was “to paralyze the country in the political, military, and economic spheres.” He added that the security services have informed all institutions affected by these malicious activities and that the data extortion and blackmail carried out by the group’s members “have been stopped.”
According to Gawkowski, cyberattacks on Poland have doubled since last year, amounting to more than 400,000 in the first half of the year. The country is an attractive target for pro-Russian hackers since it supplies military aid to Ukraine and hosts Ukrainian refugees.
During the press briefing, Poland’s Minister of Internal Affairs, Tomasz Siemoniak, said the country’s government “concludes all threats and such situations. The sphere of cyberspace is becoming increasingly important. It is also becoming a tool for coordinating and organizing various activities of foreign services in Poland.”
This article is shared at no charge and is for educational and informational purposes only.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. We provide indicators of compromise information via a notification service (RedXray) or an analysis service (CTAC). For questions, comments or assistance, please get in touch with the office directly at 1-844-492-7225, or feedback@redskyalliance.com
- Reporting: https://www.redskyalliance.org/
- Website: https://www.redskyalliance.com/
- LinkedIn: https://www.linkedin.com/company/64265941
[1] https://therecord.media/poland-dismantles-cyber-sabotage-group-russia-belarus