Poland alerts to Russian-linked Ghostwriter hacking groups

According to the Polish government, cyberattacks by Russia-linked hackers are on the rise. This includes GhostWriter (state-sponsored hacker group).

The government of Poland announced that cyber-attacks have increased, and targeted public domains, state organisations, strategic energy, armament suppliers, and other critical entities.

Because of the support that they continue to provide Ukraine during the conflict with Russia, the Polish suspect Russian hackers have targeted their country.

Recent cyberattacks

First, the Polish government highlighted a DDoS attack (distributed Denial of Service) on the Parliament website (‘, which was attributed to NoName057(16), pro-Russian hacktivists.

After the Parliament passed a resolution recognising Russia as a state sponsor for terrorism, the attack took place. The website was then inaccessible to all.

A phishing attack that was attributed to the GhostWriter group is another incident highlighted in the announcement. The European Union has linked the GRU (Russia’s military intelligence agency) with it. Mandiant, a cybersecurity company has linked the hacking group with the Belarusian government.

Polish officials claim that Russian hackers created websites to impersonate the government website, encouraging fake financial compensation for Polish citizens, which was allegedly supported by European funds.

To learn more about this program, click on the embedded link. Victims will be taken to a site that phishes. They are asked to pay a fee to verify their identity.

December ’22 campaign impersonating the Polish tax administration


According to the , “Cyberattacks are being used more and more frequently to spread Russian disinformation” and to serve Russian special forces to collect data and vulnerable information.

GhostWriter is an operation which uses both these techniques simultaneously.

GhostWriter is active at least since 2017, impersonating journalists in Lithuania, Latvia and Poland to spread false information to local audiences.

GhostWriter, which is a cybercriminal focusing on Poland, has attempted to hack email accounts and take control of social media accounts in order to distribute false information.

The increasing cyber threat has prompted the Prime Minister of Poland to raise the cybersecurity risk level to “CHARLIECRP”. He also introduced various measures such as a 24 hour roster at designated offices and government agencies.