Cyber Incident Victim: Poland's Tax Service

The cyberattack targeting Poland’s tax service occurred on February 28, 2023, and involved a distributed denial-of-service (DDoS) operation that disrupted the website for approximately one hour. The attack rendered the online tax filing system inaccessible to users during this period. Poland’s Secretary of State for Cyber Security, Janusz Cieszynski, publicly attributed the incident to Russian hackers on March 1, stating investigators possessed information strongly pointing to Russian involvement. The pro-Russian hacker collective NoName057(16) had previously announced plans to attack Poland’s tax authority website via a Telegram post on February 27, aligning with the subsequent disruption. Cieszynski confirmed no data breaches or leaks resulted from the incident, though the tax service itself did not publicly comment. The immediate impact was limited to service availability, with systems restored within hours.

This incident formed part of a broader pattern of cyber operations against Polish infrastructure by pro-Russian groups following Poland’s support for Ukraine. NoName057(16) had previously targeted Polish airport and government websites in response to Poland’s delivery of Leopard tanks to Ukraine the preceding week. Polish security authorities characterized these attacks as systematic efforts by Russian-aligned actors to destabilize Poland through cyber operations, noting the country had been a “constant target” since Russia’s full-scale invasion of Ukraine began. Officials framed the attacks as attempts to exert pressure on Poland due to its frontline NATO status and role as a key military ally to Ukraine, with the security agency explicitly linking Russian cyber hostilities to geopolitical retaliation in December 2022. The tax service attack exemplified the recurrent use of DDoS disruptions against Polish digital infrastructure, though with contained operational impacts in this instance.