Jo Harper
16 April 2024•Update: 16 April 2024
WARSAW
Poland's envoy for cybersecurity said Tuesday there was more than a 100% increase in cyberattacks against the country in 2023 compared to the previous year.
“It is no secret that this is related to the increasing activity of groups linked to the Kremlin and allied countries of the Russian Federation,” Minister of Digital Affairs Krzysztof Gawkowski said during the Secure 2024 conference in Warsaw.
“The number of incidents and threats from APT (advanced persistent threat) groups is increasing, and countries are often unable to respond to these attacks. If we add in the war in Ukraine, I can confidently say that while we are not yet dealing with hostilities, we can already be talking about a full-scale Cold War conflict in cyberspace,” he said.
The threats come not only from Russia but from its allies, including Belarus, he said.
In 2023, "over 80,000 cybersecurity incidents were handled" in Poland, according to a recently published ministry report.
“In 2023 the activity of groups conducting illegal activities in the digital world also increased, ranging from hacktivists, through cybercriminal groups of a commercial nature, to groups associated with other countries or even directly operating within the institutions of APT."
The Polish Institute of International Affairs (PISM) said in 2023 that, excluding Ukraine, Russia most frequently attacked targets in the US (21%), Poland (10%) and the UK (9%), focusing on government infrastructure (27%).
Poland receives a high number of DDoS attacks originating from Russia. DDoS attacks are where an attacker floods a server with internet traffic aiming to block users from accessing online services, according to the Polish Cyber Defense Army.
Websites such as the Railway Transport Office in Poland have experienced increases in such attacks.
Last August, Polish intelligence services said hackers broke into railway frequencies to disrupt traffic in the northwest of the country. The signals had recordings of Russia's national anthem and a speech by President Vladimir Putin, said the services.
PISM noted that the most frequent attacks have been from the Killnet group and units tied directly to the Russian armed forces, including Fancy Bear (APT28), Cozy Bear (APT29) and Sandworm (which is a subunit of GU 74455).
Polish media reported in 2023 that e-mails sent by government officials from their private email boxes had been leaked and made available on the Telegram social media platform.
The Russian government has denied carrying out cyberattacks.
