The list of targets for the attack includes at least 4,350 e-mail addresses belonging to Polish citizens, Stanisław Żaryn, spokesman for the minister coordinator of special services, said on Tuesday. He said the services have information linking the aggressors to the activities of Russian secret services.
In the first half of June, Minister Michał Dworczyk, the head of the Chancellery of the Prime Minister, reported a break-in to his e-mail account. On Friday, Jarosław Kaczyński, deputy prime minister for security and president of Law and Justice, published a statement in which he wrote, among other things, that “the most important Polish officials, ministers, deputies of various political options were the subject of a cyber attack”. He added that the attack was carried out “from the territory of the Russian Federation” and that “its scale and scope are wide”.
Żaryn: over four thousand e-mail addresses on the target list
On Tuesday, Stanisław Żaryn, the spokesman for the minister coordinator of special services, said in a statement that “the findings of the Internal Security Agency and the Military Counterintelligence Service show that the list of targets of the social engineering attack carried out by the UNC1151 group included at least 4,350 e-mail addresses belonging to Polish citizens or functioning on Polish e-mail services”.
“At least 500 users responded to the information prepared by the authors of the attack, which significantly increased the probability of the aggressors’ actions being effective. Polish services have reliable information linking the actions of the UNC1151 group with the actions of Russian secret services,” the statement reads.
Żaryn said that the list of 4,350 attacked addresses includes over 100 accounts used by persons performing public functions – members of the former and present government, deputies, senators, local government officials. “The attack affected people from various political options, as well as media and NGO workers. The list also included the address used by Minister Michał Dworczyk. Cybersecurity services analyzed several messages sent to the minister’s address that could be used for potential phishing – their content and structure were aimed at phishing the data necessary for logging in. There were also several foreign logins to the mailbox used by Minister Dworczyk,” the spokesman said in a press release.
“Element of the action ‘Ghostwriter’”
According to the spokesman, “all the information obtained so far indicates that the actions of the UNC1151 group, which have affected Poland in recent weeks, are part of the ‘Ghostwriter’ campaign, the purpose of which is to destabilize the political situation in Central European countries.” “In connection with the threats in cyberspace identified by the Internal Security Agency, the Agency has in the past issued and regularly communicates warnings to endangered users about possible attacks on social media accounts and e-mail boxes,” the release reads.
According to Żaryn, “in connection with the recent events, the Critical Incidents Team adopted recommendations to limit the effects of an attack on persons performing public functions and requested, in accordance with Article 36 of the Act on the National Cybersecurity System, to convene a government crisis management team”. “RZZK approved the action plan and its implementation was entrusted to CSIRT NASK [computer security incident response team – ed.] in cooperation with the police. The first steps were taken on Friday and are continuing this week. Their main goal is to protect people who may have fallen victim to the attack,” he added.
“Last week, the Internal Security Agency sent the special services of NATO member states information on the latest cyber attacks carried out against Poland,” he said.
Main photo source: Paweł Supernak / PAP