Cyber Incident Victim: Health Ministry
Date:
Mar 2021
Location:
Poland
Summary
Polish government websites, including the Health Ministry's, were compromised and used to disseminate false information about a non-existent radioactive threat from Lithuania, claiming that the health and lives of residents near the border were in danger. The hack also targeted the Twitter account of a journalist covering Russian and Eastern European affairs, amplifying the fabricated story. A security services spokesman described the operation as having the hallmarks of a Russian
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 2 actors | Available to members | Available to members |
Description
On March 17, 2021, the official websites of Poland’s National Atomic Energy Agency and the Health Ministry were compromised by unidentified attackers. The intruders briefly altered content on both sites to publish a fabricated statement warning of a non-existent radioactive threat. This false information claimed a nuclear waste leak was emanating from neighboring Lithuania and posed a danger to Polish citizens, specifically those residing near the Lithuanian border. The hoax message explicitly stated that the health and lives of people in the affected area were in peril. In a coordinated action, the attackers also hijacked the Twitter account of a journalist known for covering Russian and Eastern European affairs. This compromised social media account was used to amplify the disinformation, helping to spread the fabricated nuclear threat narrative more widely across online platforms. The malicious posts on the government websites and the hijacked Twitter feed were live for a short period before being identified and removed by administrators.
The incident was quickly addressed by Polish authorities, with Stanislaw Zaryn, spokesman for the head of the country’s security services, providing a public assessment. Zaryn stated that the entire operation bore the hallmarks of a Russian cyberattack aimed at sowing suspicion and division among Western allies. He drew a direct parallel to a similar hacking attempt in 2020 where false information about a non-existent radioactive cloud from Chernobyl, Ukraine, was spread in Poland. Despite the attackers’ efforts to create alarm, the fabricated story about the Lithuanian nuclear leak apparently did not receive significant public attention or cause widespread panic. The swift detection and removal of the false content from the government portals, combined with the limited reach of the disinformation, constrained the immediate operational impact of the breach. The event underscored ongoing threats of state-sponsored information operations targeting Polish state digital assets.