Cyber Incident Victim: Polish Space Agency
Date: Nov 2025
Location: Poland
Summary
Polish cybersecurity services detected unauthorized access to the Polish Space Agency's IT infrastructure, prompting the minister for digitalisation to state that the compromised systems were secured and that intensive operational activities were underway to identify the perpetrators. The agency confirmed the incident to a national news outlet and immediately disconnected its network from the internet to protect data. While Poland has repeatedly accused Moscow of seeking to destabilise the country due to its support for Ukraine, the article does not attribute the attack to any specific actor.
Description
On March 2, 2025, Polish cybersecurity services detected unauthorized access to the IT infrastructure of the Polish Space Agency (POLSA). Minister for Digitalisation Krzysztof Gawkowski announced the detection via a post on the social media platform X. He stated that the systems under attack had been secured and that intensive operational activities were underway to identify the perpetrators. The announcement came amid ongoing tensions between Poland and Russia over Poland's military aid to Ukraine. Warsaw has repeatedly accused Moscow of attempting to destabilise Poland, a claim that Russia has dismissed.

The Polish Space Agency confirmed to the Polish press agency PAP that a cybersecurity incident had occurred. According to the agency, the situation was being analysed to determine the scope and impact. As a precautionary measure to secure data, POLSA immediately disconnected its network from the Internet. The agency reported that the disconnection was performed promptly after detection. No further details about the specific systems affected or the nature of the unauthorized access were disclosed in the reports. Investigative efforts continued to identify the source of the attack and to restore normal operations once security was assured.
