Facebook Twitter Instagram Youtube LinkedIn Telegram
A person sits in front of a computer screen in Moers, Germany, 04 January 2019.
©EPA-EFE/SASCHA STEINBACH  |   A person sits in front of a computer screen in Moers, Germany, 04 January 2019.

Russia's global cyberwar: how Poland became one of the main targets of attack

Festivalul de conferințe

Poland ranks sixth in Europe regarding cyber threats, in the lead next to Hungary, Cyprus, Slovakia, Estonia and Belarus. The data shows that in 2022, domestic companies experienced hacker attacks on average every 9 minutes. The targets are not only private firms and Internet users, but increasingly hospitals, transport companies, banks and all administration branches. Who is attacking? Well, cyber-attacks, like war, are a political tool.

In recent days, government websites (which also fell victim to hackers in 2022) have again published a series of warnings against increasing attacks in Polish cyberspace: „This is a response of the Russian Federation to the Polands support provided to Ukraine and an attempt to destabilise the situation in our country. Through hostile operations in cyberspace Russia wants to exert pressure on Poland, as a frontline country and a key Ukraines ally on the NATO eastern flank.”

In the eye of the hacker cyclone: up to 30% of attacks on Polish government agencies may be succesful

Since the outbreak of war in Ukraine, Poland has been one of the critical targets of cybercriminals – the number of incidents is growing exponentially. „Both public administration domains and private companies, the media and ordinary users became targets of hacker attacks,” warned the government. „Entities from strategic sectors, such as energy or armaments, are particularly at risk. Some of these hostile campaigns can be linked directly to the activities of pro-Russian hacking groups.”
The state administration sector has recently been more threatened than the usual targets of hackers - the finance and banking sector. Since October 2022, the number of attacks (per entity) has increased from 1,214 attempts per week to a record 2,316, according to experts from Check Point Research.

The scale of the threat has doubled in relatively brief period of time. Moreover, the public administration sector in Poland is attacked twice as often as other institutions of this type worldwide, according to Check Point data. "In 2022, government agencies or organizations of critical infrastructure, which is crucial for the continuity of the functioning of the state, were most often attacked," state the Check Point report. "In 2023, the number of cyberattacks against utility infrastructure such as gas and electricity companies, public transport, healthcare and water supply companies is projected to increase even further."

Experts warn that unexpected and uncontrolled shutdowns of key infrastructure could cause large-scale civil unrest. Critical infrastructure is a complex system whose protection requires not only security but constant monitoring of threats and analysis of the methods that cybercriminals use to attack systems around the world,” says Wojciech Głażewski, general director of Check Point Research branch in Poland.
In November 2022, Microsoft announced that Russian hackers launched massive attacks on Ukrainian digital infrastructure and Polish transport and logistics organizations. „In recent months, cyberthreat actors affiliated with Russian military intelligence have launched destructive wiper attacks against energy, water and other critical infrastructure organizations
networks in Ukraine as missile strikes knocked out power and water supplies to civilians across the country. Russian military operators also expanded destructive cyberactivity outside Ukraine to Poland, a critical logistics hub, in a possible attempt to disrupt the movement of weapons and supplies to the front,” wrote Clint Watts, General Manager at the Digital Threat Analysis Center. At the end of December, hackers' activities peaked, and for many months the Polish authorities have been calling for particular caution due to the increased possibility of cyber attacks.

The number is unofficial, so it should be treated with reserve, but it is said that 25-30% of attacks on government agencies, operators of critical infrastructure and IT companies are successful. For this reason, on October 6, the Polish government introduced the second level of Bravo alert concerning the Polish energy infrastructure outside the country. Previously, the second stage of Bravo was activated inside the country (along with the third stage of Charlie-CRP, which concerns cyber security).
Robert Kośla, member of the Safe Cyberspace Foundation Council and former director of the Cybersecurity Department at the Chancellery of the Prime Minister, emphasizes, however, that the attacks in cyberspace did not start with the Russian invasion of Ukraine. They had been going on for many years, and their target was critical infrastructure. Today, however, Poland found itself in the eye of the hacker cyclone. The attempts made by cybercriminals are more sophisticated and on a larger scale.

Poland, one major target for Russia’s cyber attacks

Russia for years has been actively using digital space to pursue its own interests, often violating international law. With the help of specialized units within military intelligence (GRU), foreign intelligence (SVR), security service (FSB), and state-sponsored hacker groups, it attacks public institutions and private entities in other countries. Russia uses such attacks to steal, encrypt, or destroy data, and to infect computer networks, which become a source of malware spread to other entities. The actions of Russian hackers are primarily an element of hybrid activities, which Russia often coordinates with online disinformation for a greater impact. Russians carried out extensive cyberattack and disinformation activity during the 2016 U.S. presidential elections and Brexit campaign in the UK, influencing the result in both cases. Russia is also responsible for the 2007 paralysis of Estonian banks, ministries and media outlets, and for the NotPetya malware attack in 2017, considered the most destructive in history (the malware targeted Microsoft Windows–based systems). Originally aimed at Ukraine, it spread to dozens of countries and caused losses estimated at 10 billion dollars.
Russia also conducted intensified activities in cyberspace in preparation for its 2022 invasion of Ukraine. The most serious attack took place in mid-February, when Russian hackers disrupted several Ukrainian government websites, including the ministries of Foreign Affairs and Defence, as well as two of the largest state-owned banks. An hour before the invasion started, in order to surprise and slow down the response, Russia launched a cyberattack on the KA-SAT satellite network operating in Europe and the Mediterranean. By doing so, it disabled communication between several thousand public and private users in Ukraine and disrupted broadband connectivity to tens of thousands of recipients in several EU Member States. In the following months, victims of this massive Russian offensive in cyberspace included Ukrainian authorities, media, and critical infrastructure. Hackers, using mainly phishing campaigns and system loopholes, stole information needed by Russia, destroyed key data on the Ukrainian side, or conducted espionage operations. These cyberattacks were correlated with other actions taken by Russia, and in some cases they directly preceded events on the front, such as the offensive on the city of Sumy, the shelling of the TV tower in Kyiv, and the seizure of the nuclear power plant in Zaporizhzhia.

Moreover, Russia has intensified its activities in cyberspace, targeting, for example, public institutions, humanitarian organisations, and think tanks in more than 40 countries supporting Ukraine. The main target of the Russian operations is the U.S., perceived as the primary adversary on the international level. Poland is the most frequently attacked country in Europe because most transports with military and humanitarian aid to Ukraine pass through its territory. Other NATO Member States, as well as Finland and Sweden, are also targeted. The threat posed by Russia is serious because it has the aim of not only breaking Western security measures (according to estimates, hackers are successful in about a third of the cases) but also to conduct long-term espionage in cyberspace. As in the case of Ukraine, some actions aimed at Western countries remain correlated with events of a political nature, for example, on 23 November the European Parliaments website was attacked by hackers after it declared Russia a state sponsor of terrorism.

The cyberwar is heating up

The Russian authorities use cyberattacks to increase the effectiveness of their actions on the international level. Russias intensified offensive activities in the digital space are aimed at creating instability in democratic states, with the purpose to, among other things, discourage them from supporting Ukraine. The Russian authorities are willingly and increasingly more open to using such tactics because cyberattacks, which are treated as actions below the threshold of war, are rarely responded to by public or private victims. The reasons include the difficulty in identifying the sources of the attack and the limited possibility of punishing the perpetrators. For example, the first sanctions in the EUs history for cyberattacks (including NotPetya) were adopted only in 2020 and covered just three entities and six persons.
Russia
s full-scale invasion has increased the support of Western states in building up Ukraines cyberdefence capabilities. Already in February 2022, the EU launched the Cyber Rapid Response Team (CRRT) for the first time as part of PESCO, delegating experts from the Member States to assist the Ukrainians. Furthermore, Ukraine in March joined as a contributing participant the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE). We need to remember that even if Russian troops are pushed out of Ukraine, Kremlin will retain its aggressive cyber capabilities. In this context, „it is important to initiate deepening of cooperation between EU and NATO countries in this area, as well as extending the capabilities to Ukraine and other partners such as Moldova and Georgia. This is crucial not only to improve information exchange and strengthen cybersecurity measures but also to prepare action plans in case of attacks,” analysts of The Polish Insitute of International Affairs noted recently.
Due to the intensification of cyberattacks in the second half of last year, the Information Exchange and Analysis Center was established in Poland, which aims to counteract these attacks. In the latest security report, Gartner estimates that in 2023 the budgets allocated to information security and risk management may reach as much as 188 billion dollars. Furthermore, within three years, it is estimated that the funds for this purpose will increase by over 40%. The cyberwar is heating up.

Tags: War in Ukraine
Ajută Veridica.ro

Article made for project
Fake News - Fake reality: Social resilience through critical thinking.

The project is carried out by the Association of Social Alternatives in partnership with the Association of the International Alliance of Romanian Journalists and the Center Iași County of Resources and Educational Assistance and benefits from a financing amounting to 148,055.00 euros, through the Active Citizens Fund Romania program, funded by Iceland, Liechtenstein and Norway through the 2014-2021 EEA Grants. The contents of this material do not necessarily represent the official position of EEA and Norwegian grants 2014-2021; for more information access www.eeagrants.org.

We work together for a green, competitive, inclusive Europe.

Details about the project here:

SOCIAL ALTERNATIVES
Other articles
Scandal in Poland: did Pope John Paul II protect pedophile priests?

Scandal in Poland: did Pope John Paul II protect pedophile priests?

One book and a documentary film claiming that Pope John Paul II knew about and covered sexual abuses against children lead to a huge scandal in his native Poland, where the former Pontiff is revered. Conservatives and the far-right scrambled to "defend the good name" of John Paul II and seem poised to use the scandal to their advantage in the upcoming elections.

Hungary wants to “sell” the access of Finland and Sweden to NATO in exchange for the unblocking of European funds.

Hungary wants to “sell” the access of Finland and Sweden to NATO in exchange for the unblocking of European funds.

Prime Minister Viktor Orban finds himself in a complicated situation. Politically, he gets increasingly isolated from its Western partners. Hungary's economy is in crisis, and the European funds that could relaunch it have been blocked due to anti-democratic slippages. With all the friendship that Budapest has shown to Russia, there isn’t much Russia can do to help, being itself increasingly affected by Western sanctions. Orban's solution appears to be to block Finland and Sweden's entry into NATO until the EU unlocks funds for Hungary. However, this blackmail policy may have reached its limits.

Michal Kukawski

13 Jan 2023

Updated at: 18 Jan 2023 12:47:11
Michal Kukawski

Follow us on Google News

7 minutes read
Scandal in Poland: did Pope John Paul II protect pedophile priests?
Scandal in Poland: did Pope John Paul II protect pedophile priests?

One book and a documentary film claiming that Pope John Paul II knew about and covered sexual abuses against children lead to a huge scandal in his native Poland, where the former Pontiff is revered. Conservatives and the far-right scrambled to "defend the good name" of John Paul II and seem poised to use the scandal to their advantage in the upcoming elections.

27 Mar 2023
Hungary wants to “sell” the access of Finland and Sweden to NATO in exchange for the unblocking of European funds.
Hungary wants to “sell” the access of Finland and Sweden to NATO in exchange for the unblocking of European funds.

Prime Minister Viktor Orban finds himself in a complicated situation. Politically, he gets increasingly isolated from its Western partners. Hungary's economy is in crisis, and the European funds that could relaunch it have been blocked due to anti-democratic slippages. With all the friendship that Budapest has shown to Russia, there isn’t much Russia can do to help, being itself increasingly affected by Western sanctions. Orban's solution appears to be to block Finland and Sweden's entry into NATO until the EU unlocks funds for Hungary. However, this blackmail policy may have reached its limits.

Ioana Dumitrescu
Ioana Dumitrescu
13 Mar 2023
The narratives about Transnistria draw public attention away from Russia’s plans to destabilize Moldova and its defeats in Ukraine
The narratives about Transnistria draw public attention away from Russia’s plans to destabilize Moldova and its defeats in Ukraine

From disinformation spread by propaganda regarding the imminence of a war in Transnistria, Russia has now moved to official statements about Ukraine’s plans to invade the separatist region of the Republic of Moldova. Transnistria seems to be used to draw attention away from Russia’s plan to destabilize Moldova, as well as from the defeats sustained in Ukraine. Besides, the pro-Russian opposition in Chișinău could take advantage of the panic induced by the prospect of war.

Corneliu Rusnac
Corneliu Rusnac
01 Mar 2023
Bulgarian towns rally in support of Ukraine as society remains deeply divided
Bulgarian towns rally in support of Ukraine as society remains deeply divided

The first anniversary of the full-scale invasion of Russia provoked a wave of pro-Ukraine marches in Bulgaria, a country traditionally associated with heavy political dependencies from Russia. The pro-Russians stayed mostly out of sight for the one year anniversary of the war, but that does not mean that they went everywhere: Moscow still has its supporters in Bulgaria, both among the politicians and the public.

Svetoslav Todorov
Svetoslav Todorov
27 Feb 2023