article featured image


Poland is warning of a spike in cyberattacks from Russia-linked hackers, including GhostWriter, a state-sponsored hacking group.

Poland’s official website claims hostile cyber-activity has intensified, targeting public domains and state organizations, strategic energy and armament providers, and other critical entities.

According to the Polish government, Russian hackers target their country because they continue to support Ukraine in the ongoing military conflict.

Cyberattacks in the Recent Past

A DDoS (distributed denial of service) attack was attributed to the pro-Russian so-called hacktivist group NoName057(16) against the parliament website (‘sejm.gov.pl’).

In the aftermath of the parliament’s decision to recognize Russia as a state sponsor of terrorism, the website was rendered inaccessible.

Additionally, the announcement mentions a phishing attack attributed to the GhostWriter group, which the European Union has associated with the GRU, Russia’s military intelligence service. The hacking group has also been linked to the Belarusian government by cybersecurity firm Mandiant.

It is alleged that Russian hackers set up websites impersonating the gov. pl government domain, promoting fake financial compensation for Polish residents.

Upon clicking on the embedded button to learn more about the program, victims are redirected to a phishing site where they are asked to pay a small fee for verification.


More and more often, cyberattacks are used to spread Russian disinformation and serve Russian special services to gather data and vulnerable information. 


Using both of these methods simultaneously is definitely a move attributed to the GhostWriter campaign.

It has been observed that GhostWriter has been active since at least 2017, disseminating false information and anti-NATO narratives to local audiences by impersonating journalists from Lithuania, Latvia, and Poland.

GhostWriter has been targeting Poland recently, breaching email accounts to gather information and taking control of social media accounts to spread false news.

As a result of the growing cyber threat, Poland’s Prime Minister has increased the cybersecurity threat level to ‘CHARLIE-CRP,’ implementing various measures such as 24-hour rosters in designated offices.

If you liked this article, follow us on LinkedIn, Twitter, Facebook, YouTube, and Instagram for more cybersecurity news and topics.  

Author Profile

Gabriella Antal

SMM & Corporate Communications Officer

linkedin icon

Gabriella is the Social Media Manager and Cybersecurity Communications Officer at Heimdal®, where she orchestrates the strategy and content creation for the company's social media channels. Her contributions amplify the brand's voice and foster a strong, engaging online community. Outside work, you can find her exploring the outdoors with her dog.

Leave a Reply

Your email address will not be published. Required fields are marked *