Cyber Incident Victim: Platforma Obywatelska
Date:
May 2025
Location:
Poland
Summary
The political party Platforma Obywatelska reported that its main website and the donation page for its presidential campaign were hit by a DDoS attack that forced a preemptive shutdown of the servers to prevent further damage. The attack, attributed by the prime minister to a Russian hacker group operating on Telegram, also targeted sites affiliated with the Left and the PSL. Police cybercrime units have begun procedural actions, noting that such offenses fall under article 269a of the penal code and carry a possible prison sentence of up to five years, with evidence to be forwarded to prosecutors.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On Friday, May 16, 2025, Jan Grabiec, the head of the Chancellery of the Prime Minister (KPRM), announced via the social‑media platform X that the website of Platforma Obywatelska had been subjected to a hacker attack. He explained that the attack was a distributed denial‑of‑service (DDoS) operation, which flooded the site with a large volume of requests, causing it to become inaccessible and to hang. As a result, both the main PO domain (platforma.org) and the separate site used for collecting donations to support Rafał Trzaskowski’s presidential campaign were temporarily taken offline. Grabiec stated that the decision to shut down the entire server pre‑emptively was made to avoid any further damage that might arise from the ongoing assault, and that technical teams were already working to restore full functionality so that the sites could be brought back online.
Later in the day, after 16:00, Prime Minister Donald Tusk addressed the incident on his own social‑media channels. He attributed the DDoS attack to a group of Russian hackers operating through Telegram and warned that the same actors were also targeting the websites of the Left and the Polish People’s Party (PSL). Tusk emphasized that law‑enforcement and security services were conducting intensive efforts to mitigate the attack and that the assault was still ongoing at the time of his statement. In response, the Central Bureau for Combating Cybercrime (CBZC) issued a communiqué confirming that its officers were carrying out procedural actions, including accepting a crime report and conducting interviews, concerning the DDoS incidents that had occurred that day. The CBZC clarified that the attacks had been directed at the domains of various public entities and reminded that such conduct constitutes a criminal offense under Article 269a of the Polish Penal Code, punishable by up to five years of imprisonment when substantial property damage is incurred. The bureau added that all gathered evidence would be forwarded to the appropriate prosecutor’s office for further legal proceedings.
Grabiec, in a subsequent interview with the Polish Press Agency (PAP), elaborated on the mechanics of the attack, noting that the sheer number of connection attempts overwhelmed the server’s capacity, effectively blocking legitimate users and causing the site to cease functioning. He reiterated that the preventive shutdown of the server was intended to limit the scope of any potential harm and that restoration efforts were underway with the goal of reactivating both the main platforma.org page and the donation‑form site. Grabiec expressed hope that the disruption would not negatively impact the ongoing electoral campaign, though he provided no further details about the timeline for full recovery or any specific technical measures being employed beyond the server shutdown and ongoing recovery work. The narrative presented here relies solely on the information contained in the supplied article, without addition, speculation, or external inference.