Cyber Incident Victim: Polish Press Agency
Date:
May 2024
Location:
Poland
Summary
A Polish state news agency was likely targeted by a Russian cyberattack, resulting in the unauthorized publication of a fabricated article claiming military mobilization for Ukraine. The false content appeared twice on the agency's newswire before being withdrawn, prompting an investigation by national security services. Polish officials attributed the incident to Russian efforts to destabilize the country ahead of European elections, citing a pattern of alleged cyber aggression linked to Poland's support for Ukraine. The agency identified and secured the compromised access point, while Russian authorities denied involvement. This incident followed prior warnings from Poland's cybersecurity research institute about Russian espionage targeting government networks.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On May 31, 2024, Poland's state news agency PAP experienced a cyber incident involving the unauthorized publication of a fabricated article on its newswire. The false report appeared twice—first at 14:00 local time and again at 14:20—claiming Prime Minister Donald Tusk would mobilize 200,000 individuals to fight in Ukraine. PAP promptly removed the article after both instances but confirmed the compromised content was re-released after the initial withdrawal. The agency initiated an internal investigation to determine the circumstances of the breach, with Deputy Editor-in-Chief Justyna Wojteczek stating they had identified and secured the access path used by the attackers. The incident occurred days before the European Parliament elections, amplifying concerns about its potential to disrupt democratic processes.
Polish authorities attributed the attack to Russian threat actors, with Digital Affairs Minister Krzysztof Gawkowski publicly stating evidence pointed to Russian-origin cyber aggression. Prime Minister Tusk characterized the breach as part of Russia’s broader strategy to destabilize Poland ahead of the EU elections. The Internal Security Agency and other specialized services were deployed to investigate the intrusion. This incident followed a May 8 warning from Poland’s National Research Institute (NASK) about Russian cyberespionage targeting government networks, though no direct link between that advisory and the PAP breach was explicitly confirmed. The Russian embassy in Warsaw denied involvement, declining further commentary. Operational impacts included temporary disinformation risks, while PAP maintained continuous news service despite the compromise.