Cyber Incident Victim: Polish Space Agency

On March 2, 2025, Polish Digitalisation Minister Krzysztof Gawkowski publicly disclosed via social media platform X that cybersecurity services had detected unauthorized access to the Polish Space Agency's (POLSA) IT infrastructure. The announcement confirmed an active cybersecurity incident, though no specific timeframe for the initial breach was provided. In response to the intrusion, POLSA immediately disconnected its entire network from the internet to prevent further unauthorized access and secure potentially vulnerable data. Minister Gawkowski stated that all compromised systems had been secured following incident detection, with operational efforts underway to identify the responsible threat actors. The agency separately confirmed the incident to Poland's PAP news agency, noting that technical analysis of the breach remained ongoing. No details were released regarding the duration of network disconnection or specific operational disruptions caused by the defensive measures.

The incident occurred against a backdrop of heightened geopolitical tensions, with Polish authorities having previously accused Moscow of conducting cyber operations to destabilize Poland over its military support for Ukraine—allegations consistently denied by Russia. POLSA did not disclose whether any data was exfiltrated or systems compromised beyond the unauthorized access, nor did it specify which internal systems or functions were targeted. Minister Gawkowski's statement emphasized containment and investigative priorities but did not outline restoration timelines or additional countermeasures beyond the network isolation. No group or state actor claimed responsibility for the intrusion at the time of reporting, and Polish officials refrained from publicly attributing the attack despite historical context of regional cyber hostilities. The agency maintained its focus on forensic analysis while operating under restricted network conditions to safeguard its infrastructure.