Cyber Incident Victim: Urząd Marszałkowski Województwa Mazowieckiego
Date: Dec 2022
Location: Poland
Summary
A ransomware attack targeted the Marshal's Office of the Mazovian Voivodeship, compromising its "Wrota Mazowsza" project infrastructure and regional node systems used by local governments. The malware encrypted files, forcing applicants to resubmit documents sent via the ePUAP platform during the attack window and disrupting services at affiliated offices like Radom City Hall. Operational impacts included extended processing times, temporary service unavailability, and communication difficulties, with a high probability that data processed in affected systems was accessed by unauthorized third parties. Incident response efforts focused on determining the full scope of the breach.
Description
On December 5, 2022, the Marshal’s Office of the Mazovian Voivodeship confirmed a ransomware attack targeting its Regional Node infrastructure, including systems supporting the "Wrota Mazowsza" project. The malicious software encrypted files and compromised IT environments used by local government units and project partners. Forensic analysis indicated the attack occurred between December 2 and December 5, 2022, with activity persisting until 6:30 a.m. on the latter date. Attackers likely exfiltrated data processed within affected systems, creating a high probability that sensitive information is in the hands of unauthorized third parties. The incident disrupted operations across multiple municipalities relying on shared infrastructure, with the Radom City Office among the first to report service degradation. Technical teams initiated containment procedures upon confirmation of the incident, though specific remediation steps were not publicly detailed.

The attack forced the Radom City Office to mandate resubmission of all ePUAP platform correspondence sent between December 2 and December 5, 2022, due to potential data loss or corruption. Citizens faced service interruptions including delayed case processing, temporary unavailability of select municipal services, and impaired communication through official ePUAP mailboxes. Physical document submissions via registry offices became necessary as alternative channels. Broader impacts extended to partner organizations using the Marshal’s Office IT systems, though specific affected entities beyond Radom were unnamed. Response efforts focused on forensic investigation to establish attack vectors and scope while restoring critical operations. No ransomware variant or threat actor was identified in available disclosures. The Marshal’s Office maintained public updates through its website regarding incident consequences without confirming data restoration timelines or ransom payment status.
