Poland Hit by Surge in Cyberattacks, With Record High in 2024

Poland has experienced a significant surge in cyberattacks in recent years, with the number of incidents skyrocketing from 40,000 in 2022 to 80,000 in 2023. The first quarter of 2024 has already seen a record high in cyberattacks, raising concerns about the country's cybersecurity.

Why this matters: The surge in cyberattacks on Poland highlights the growing threat of malicious cyber activity to national security and critical infrastructure, with potential consequences for the entire European Union. It also underscores the need for international cooperation and collective action to combat cyber threats and hold responsible actors accountable.

These attacks are part of a larger malicious cyber campaign conducted by theRussia-controlled Advanced Persistent Threat Actor 28 (APT28)against various European Union Member States, including Germany, Czechia, Poland, Lithuania, Slovakia, and Sweden. APT28, also known as Fancy Bear, exploited a vulnerability in Microsoft Outlook, specifically CVE 2023 23397, which was disclosed in the March 2023 Patch Tuesday update.

The European Union and its Member States, along with international partners, strongly condemn these cyberattacks, which demonstrate Russia's continuous pattern of irresponsible behavior in cyberspace. The EU has imposed sanctions on individuals and entities responsible for APT28 attacks in the past, including those targeting the German Federal Parliament in 2015.

The United States has also condemned Russia for its alleged "malicious" cyberattacks against several European countries, including Poland. US State Department spokesman Matthew Miller stated, "The United States strongly condemns the malicious cyber activity by Russia's General Staff Main Intelligence Directorate (GRU), also known as APT28, against Germany, Czechia, Lithuania, Poland, Slovakia, and Sweden."

The EU has called on Russia to stop its malicious cyber activity and abide by its international commitments and obligations. The EU spokesperson Peter Stano emphasized,"The EU will not tolerate such malicious behaviour, particularly activities that aim to degrade our critical infrastructure, weaken societal cohesion and influence democratic processes, mindful of this year's elections in the EU and in more than 60 countries around the world."

The EU, along with the US and NATO allies, will continue to take action to disrupt Russia's cyber activities, protect citizens and foreign partners, and hold malicious actors accountable. The EU is determined to use the full spectrum of measures to prevent, deter, and respond to Russia's malicious behavior in cyberspace and will continue to cooperate with international partners to promote an open, free, stable, and secure cyberspace.

As Poland grapples with the record-high number of cyberattacks in 2024, the international community remains united in its condemnation of Russia's alleged involvement. The surge in incidents, from 40,000 in 2022 to 80,000 in 2023, highlights the urgent need for enhanced cybersecurity measures and international cooperation to counter the growing threat posed by malicious actors in cyberspace.

Key Takeaways

• Poland saw 80,000 cyberattacks in 2023, up from 40,000 in 2022.
• Russia's APT28 group is behind the attacks, exploiting a Microsoft Outlook vulnerability.
• The EU and US condemn Russia's cyberattacks, citing a pattern of irresponsible behavior.
• The EU calls on Russia to stop malicious cyber activity and abide by international commitments.
• International cooperation is needed to counter the growing threat of malicious cyber actors.