For decades after the Cold War, Poland imagined itself as a frontier state mainly in a geographical sense: the eastern edge of NATO and the European Union, exposed to the anxieties of history but protected by institutions and alliances. Over the past years, that comforting abstraction has given way to something more concrete and more unsettling. Poland has found itself on the front line of a shadow war – one waged not with tanks and missiles, but with drones, explosives hidden along railway lines, courier parcels turned into bombs, compromised officials, and people recruited by the Russian secret services. Don't imagine the kind of super-spies and secret agents from Cold War movies and books: among the new "agents" you can find hooligans without any special training, but who have the advantage of a European passport, which allows them to cross borders undetected, or so-called Russian dissidents, who can operate without being suspected.
What sets apart this recent wave of incidents is not merely their frequency but their coherence. Acts that once might have been dismissed as isolated crimes or murky espionage cases now form part of a recognizable pattern: a campaign of Russian-directed hybrid warfare aimed at destabilizing critical infrastructure, sowing fear and testing the resilience of Polish security institutions. Polish authorities, for their part, have responded with an unusual degree of candour, acknowledging publicly that the country is facing an escalating campaign of sabotage and espionage.
The most dramatic episode came in mid-November, when explosives detonated on a key railway line east of Warsaw. But this was only the most visible manifestation of a broader problem that has been present in courtrooms, prosecutors’ offices and intelligence briefings for months.
Rails as targets
The village of Mika, near Garwolin in eastern Mazovia district, is not the sort of place that expects to make international headlines. On November 15th and 16th, however, it became the focal point of Poland’s gravest security scare in years. Explosives placed along the Warsaw–Lublin railway line detonated, destroying a section of track and narrowly missing a passenger train. According to Prime Minister Donald Tusk, the intention was clear: to cause a catastrophic derailment on one of Poland’s most important transport arteries.
The line in question is not just another stretch of rail. It connects the capital with eastern Poland and, crucially, with Ukraine. It is used by passenger trains, freight traffic and, potentially, military logistics. A successful attack would not only have endangered lives but also disrupted a strategic corridor at a moment when Poland is a key hub for Western support to Ukraine.
Within hours of the discovery, Polish officials confirmed that the damage was not accidental. Investigators concluded that a military-grade explosive had been detonated using a remote initiation system. Subsequent inspections uncovered further suspicious objects along the same route: metal plates bolted to rails, electronic devices attached to tracks and damage to overhead traction lines that shattered train windows near Puławy. What might once have been labelled vandalism now bore the hallmarks of organised sabotage.
Polish prosecutors quickly identified two suspects: Jewhenij Iwanow and Ołeksandr Kononow, both Ukrainian citizens who, according to investigators, fled Poland to Belarus immediately after the attack. Arrest warrants and international wanted notices followed. The speed with which the suspects vanished underscored a recurring problem for Polish services: hybrid operations thrive on mobility, porous borders and the exploitation of legal grey zones.
Terrorism directed by a hostile state
As details emerged, it became clear that the railway sabotage was not an isolated act. Iwanow, Polish authorities revealed, had already been implicated in earlier acts of sabotage in Ukraine, including a failed attempt to bomb a drone factory in Lviv. That plot, uncovered by Ukrainian security services, had been traced back to Russian military intelligence, the GRU, and to a specific handler: Yuriy Sizov, an officer now under EU sanctions for activities threatening European security.
This connection matters. It suggests that the attack near Mika was not improvised, nor the work of freelance extremists, but part of a structured campaign run by experienced officers who recycle assets across borders. In Ukraine, the objective had been to undermine weapons production. In Poland, it was to disrupt infrastructure and signal vulnerability.
Polish officials have been careful to avoid inflammatory language. Yet privately, and increasingly in public, they describe these actions as terrorism directed by a hostile state. In response, the government raised the national threat level on selected railway lines and deployed soldiers from the Territorial Defence Forces to patrol infrastructure stretching more than 100 kilometres towards the Ukrainian border.
Modern espionage thrives on individuals with useful passwords
Railway explosions make headlines. Espionage trials do not. Yet the past two months have also seen a series of court proceedings and indictments that illuminate the less visible side of Russia’s campaign.
In Warsaw, prosecutors sent to court an indictment against Tomasz L., a municipal archivist accused of having spied for Russian civilian intelligence for five years. According to the prosecution, L. exploited his access to civil registry archives to copy sensitive documents that could be used to create false identities for so-called “illegals” – deep-cover operatives embedded abroad without diplomatic cover. If convicted, he faces life imprisonment.
The case is unsettling not because of the defendant’s rank – he was no senior official – but because of the mundanity of his position. Access, not authority, was what mattered. It is a reminder that modern espionage thrives less on ideological converts than on individuals with useful passwords, keys and routines.
Another recent conviction involved a Polish citizen recruited online by Russian intelligence to photograph the Ukrainian embassy in Warsaw. His reward was to be paid in cryptocurrency. He was caught early, sentenced to under two years in prison and stripped of his civic rights. The modest scale of the punishment reflects the modest scale of the damage – but also the sheer ease with which recruitment can now occur.
Asylum systems exploited for intelligence gathering
Perhaps the most disturbing cases, however, involve people who were meant to be under Poland’s protection. In Sosnowiec, a Russian couple – Igor and Irina R. – stand accused of espionage and of helping to send an explosive device through a courier company. According to prosecutors, Igor R. gathered information on Russian opposition figures living in Poland, passed it to his wife on encrypted storage media, and ultimately to Russia’s Federal Security Service (FSB).
The story is complicated by Igor R.’s background. He had presented himself as an opposition activist, fled Russia after the invasion of Ukraine and obtained political asylum in Poland. Some journalists and acquaintances argue that he may have been manipulated or drawn into a Ukrainian operation without understanding its full nature. Others point to evidence that his cooperation with Russian intelligence predated his exile. Polish prosecutors, at least for now, are unimpressed by claims of misunderstanding or victimhood.
What matters strategically is not the precise moral status of one defendant, but the broader vulnerability revealed by the case. Authoritarian regimes have long infiltrated exile communities, but Poland’s experience shows how asylum systems designed for humanitarian protection can be exploited for intelligence gathering and sabotage.
The scale of the problem
Polish officials insist that these cases represent only a fraction of ongoing activity. The Internal Security Agency (ABW) has acknowledged that in recent months it has detained more than 50 people suspected of involvement in Russian-directed sabotage or espionage. Most cases never reach public attention because trials are closed and investigations classified.
This opacity fuels speculation. It also feeds a certain public unease. Poland is a society with fresh historical memories of occupation, collaboration and secret policing. The idea that saboteurs might be operating along railway lines or within municipal offices resonates deeply.
Experts warn against panic, but not complacency. Poland’s railway network alone runs for tens of thousands of kilometres. No system can be guarded at all times. The attack near Mika was detected only because a train driver noticed an irregularity on the tracks and stopped in time. That outcome owed as much to luck as to procedure.
When the state speaks with many voices
The government’s response has been twofold. Operationally, it has increased patrols, involved the military in infrastructure protection and tightened surveillance along critical routes. Politically, it has chosen transparency, with senior ministers publicly attributing the attacks to Russian intelligence rather than hiding behind euphemisms.
The Polish government’s instinct toward transparency has been notable. Yet transparency without coordination can be counterproductive. Analysts from the Res Futura research collective argue that the aftermath of the Mika sabotage exposed a structural weakness: the absence of a unified state communication strategy in moments of acute crisis.
In the first 24 hours, different officials offered divergent framings – ranging from cautious ambiguity to unequivocal attribution. The result was not reassurance but confusion. In that vacuum, partisan media and fringe commentators gained disproportionate influence, framing the incident as proof of elite failure or hidden agendas.
This matters because hybrid warfare thrives on institutional dissonance. When ministries, services and political camps contradict one another, adversaries need not invent falsehoods; they need only amplify inconsistency. The erosion of trust that follows is cumulative and difficult to reverse.
Alert but not paranoid, firm but not reckless
Months of sabotage, arrests and indictments have not brought Poland to the brink of chaos. Trains still run. Institutions still function. But the illusion that war stops neatly at Ukraine’s borders has been shattered.
Russia’s campaign against Poland is not about conquest. It is about pressure: raising costs, stretching resources and reminding Warsaw that its strategic choices have consequences. For now, those consequences are measured in damaged rails, disrupted lives and anxious headlines rather than mass casualties. And that is precisely the point. Hybrid warfare is designed to stay below the threshold that would trigger a conventional response, while remaining sufficiently visible to unsettle. Poland, like other frontline states, still must learn to live with this ambiguity – alert but not paranoid, firm but not reckless.
History suggests that such shadow wars rarely end quickly. The real test for Poland will not be whether it can prevent every act of sabotage, but whether it can sustain public trust and institutional resilience while under constant, low-level attack. On that front, at least so far, the country appears bruised but unbowed.
