Cyber Incident Victim: Polish National Atomic Energy Agency
Date:
Mar 2021
Location:
Poland
Summary
Polish government websites, including those of the National Atomic Energy Agency and Health Ministry, were hacked to spread false information about a non-existent radioactive threat from Lithuania. A journalist's Twitter account was also compromised to amplify the misinformation. Government officials stated the attack exhibited hallmarks of Russian cyber efforts to sow division among Western allies, recalling a similar prior incident involving fabricated radioactive cloud warnings. The false alerts warned of danger to residents near the Lithuanian border but reportedly received little attention.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 2 actors | Available to members | Available to members |
Description
On March 17, 2021, hackers compromised two official Polish government websites, those of the National Atomic Energy Agency and the Health Ministry, and used them to briefly publish false information. The fabricated content warned of a non-existent radioactive threat, specifically claiming a nuclear waste leak was emanating from neighboring Lithuania and endangering Poland. This false statement explicitly warned that the health and lives of Polish citizens residing near the Lithuanian border were in immediate danger. The attackers' method involved directly altering the content on these authoritative state-run portals to lend credibility to the hoax. The disinformation campaign was subsequently amplified through an additional vector when the Twitter account of a journalist known for covering Russian and Eastern European affairs was also hacked and used to further spread the same false narrative. This multi-platform approach aimed to maximize the reach and perceived legitimacy of the fabricated emergency.
The incident was detected and the false content was removed from the government websites after a short period of time. A Polish government official, Stanislaw Zaryn, spokesman for the head of the country’s security services, provided a public assessment of the attack's origins and intent. Zaryn stated that “the whole story looked like a typical Russian attempt” to sow suspicion and division among Western allies. He directly linked the modus operandi to a similar hacking event that occurred in 2020, which had also spread false information about a non-existent radioactive cloud drifting toward Poland from Chernobyl, Ukraine. The 2021 false warning regarding Lithuania, however, apparently did not receive significant public attention or cause widespread alarm, as the messages "apparently did not receive much notice." The event underscored ongoing cyber tactics targeting Polish state infrastructure to disseminate panic-inducing misinformation with geopolitical undertones.