Poland Reports Surge in Cyberattacks Linked to Russia

Poland faces rising cyber threats, with officials attributing many attacks on critical infrastructure to Russian military intelligence.

Escalating Threats to National Infrastructure

Poland has reported a sharp increase in cyberattacks targeting its critical infrastructure, with officials pointing to Russian involvement. According to Digital Affairs Minister Krzysztof Gawkowski, Russia’s military intelligence has tripled its cyber resources aimed at Poland this year. Of the 170,000 incidents recorded in the first nine months, a substantial number were linked to Russian actors, while others were financially motivated. Daily attack volumes range from 2,000 to 4,000, with 700 to 1,000 posing real or potentially serious threats.

The scope of attacks has expanded beyond traditional targets such as water and sewage systems. Energy infrastructure is now increasingly in focus, raising concerns about broader vulnerabilities. While Gawkowski did not provide detailed figures or methods, he cited intelligence reports as the source of Russia’s growing activity. The Russian government has denied involvement, and its embassy in Warsaw declined to comment.

Strategic Context and Political Implications

Poland’s position as a vocal supporter of Ukraine has made it a prominent target among NATO members, according to Warsaw officials. Repeated cyber intrusions are viewed as part of a broader effort by the Kremlin to destabilize national security. Gawkowski emphasized that Russian operations are particularly concerning due to their focus on infrastructure vital to everyday life. The September 10 drone strike, attributed to Russia, coincided with a major cyberattack—the largest since the outbreak of war in Ukraine in 2022.

Government monitoring detected the drone’s origin early, but disinformation campaigns quickly followed. False claims circulated online suggesting Ukraine was responsible for the attack, aiming to sow confusion and mistrust. These narratives were amplified by automated bot networks, some of which had been dormant for extended periods. Their reactivation points to a coordinated strategy involving both kinetic and digital tactics.

Cyber Defense and Future Preparedness

Poland’s cybersecurity agencies continue to respond to thousands of incidents daily, prioritizing those with the potential to disrupt essential services. The government has not disclosed specific countermeasures but is believed to be enhancing its digital defenses in response to the evolving threat landscape. Intelligence sharing within NATO and the EU is expected to play a role in bolstering resilience. As cyberattacks become more sophisticated, proactive monitoring and rapid response capabilities are increasingly critical.

The September incident highlights the intersection of physical and digital aggression, a trend seen in other geopolitical conflicts. Coordinated attacks that combine drones and disinformation campaigns represent a complex challenge for national security. Analysts note that dormant bot networks can be reactivated with minimal effort, making them a persistent risk. Understanding these tactics is essential for anticipating future threats and protecting infrastructure from hybrid operations.