In a recent statement to the press, the deputy prime minister of Poland, Jarosław Kaczyński, confirmed that email accounts belonging to government officials were successfully hacked in a targeted cyber strike initiated in late 2020.

The deputy prime minister commented

“After reading the information provided to me by the Internal Security Agency and the Military Counterintelligence Service, I inform you that the most important Polish officials, ministers and deputies of various political options were subject to a cyberattack.”

Kaczyński also added that the attacks aimed at the confidential accounts were unleashed from dedicated servers based in Russia:

“The analysis of our services and the secret services of our allies allows us to clearly state that the cyberattack was carried out from the territory of the Russian Federation. Its scale and range are wide.”

Disclosure of a cyberattack

At present the security services of Poland are conducting an ongoing investigation of the email-related attack, with details of the hack being collected and examined as evidence. A document detailing the cyberattack was composed and issued by Poland to the European Commission and Council, along with the European Union member states.

The information contained confirmed that over 30 different members of the Polish government, including officials and MPs as well as political journalists, were affected by the attacks, which started in Autumn 2020.

In a statement following the submitted report, an EU diplomat commented that technical and operational analysis performed by Poland’s national cybersecurity response teams had established that the technique and infrastructure employed in the cyberattacks followed an identical approach to those employed by “Russian-sponsored entities.”

Government email accounts hacked

A previous statement made by Michał Dworczyk, the lead at the Polish Prime Minister’s Office on June 9, explained that anonymous attackers had breached not only his private email account, but his wife’s mail as well, along with both their social media accounts. It is believed that the infiltrated inboxes led to private communications being stolen and then disclosed on a channel of the open-source messaging software Telegram.

Dworczyk added that he had informed the state services of the hacks. He also stated that although it was impossible to assess exactly when his email account was accessed, he had not used the communication channel to send any sensitive information that had the potential to threaten Poland’s national security.

The Microsoft Threat Intelligence Centre (MSTIC) has stated that the hackers with Russian backing behind the recent supply-chain hit on SolarWinds are now focused on undertaking a coordinated and large-scale campaign. The group’s agenda involves targeting international government agencies with phishing attacks.

Researchers at MSTIC recorded targeted victims in 24 different countries, comprising attacks levelled at around 3,000 mail accounts used by over 150 different organisations. These included cases in the United States, where the government also warned organisations around the world of continuing cyberattacks back in April, coordinated by Russian’ Foreign Intelligence Service also known as APT29.

Operators at APT29 are known for targeting foreign organisations, many of them in the US, with a strong focus on government networks and companies operating in the technology sector.