Poland’s government has been targeted in a series of “unprecedented” cyberattacks that have been unusually well-coordinated.
Poland’s Prime Minister Mateusz Morawiecki presented details about the cyberattacks that hit Polish institutions and individuals. At a closed-door session of Poland’s parliament, Prime Minister Mateusz Morawiecki had to present secret documents and confirmed that Poland had been the target of an unprecedented cyberattack.
“Lately we’ve been subject to an unprecedented cyber attack against Poland, against Polish institutions and against individual email account users,” Morawiecki told the Polsat News television channel on Tuesday.
The hackers were able to gain access to the email account of Michal Dworczyk, the head of the prime minister’s office, after he fell victim to a phishing email.
The hackers used Telegram encrypted messaging service to leak the stolen emails publicly. The emails were stolen from a Gmail account that was set up by the politician. It is believed that they were obtained through a phishing attack.
“The leaked emails were allegedly stolen through a private account the politician set up on one of the popular Polish portals. The leak is believed to have occurred at the end of last year and many indications suggest Dworczyk had fallen victim to a phishing attack,” reads a post published by the Euractiv website.
There were no secret information in the emails, but the incident revealed that the head of the Prime Ministers Office used a private email account to conduct official business:
“There is no top-secret information in the disclosed emails, but there is no doubt that the head of the prime minister’s office used a private email account for official contacts as email exchanged were found between him and Prime Minister Mateusz Morawiecki, government spokesman Piotr Müller and Development, Labour and Technology Minister Jarosław Gowin.”
Dworczyk confirmed that he did not have secret documents in his email account.
Hackers also targeted other government members and groups such as the PiS party, and even individuals from the Netherlands, according to Muller.
Dworczyk also added that some of the leaked emails were fabricated, likely by a Russian threat actor. The metadata of the messages and the language of the published files indicate that they were prepared by Russian speakers. However, this is not enough to attribute the attack, Polish officials said.
The authorities are still investigating these attacks.