Poland’s special services have declared a state of heightened alert amid an escalating wave of cyber threats from Russian hackers. Intelligence agencies report that logistics firms, tech companies, and institutions responsible for critical infrastructure are now in the crosshairs. Poland has been identified as one of the primary targets of Russian cyber operations, according to cybersecurity firm Check Point Software Technologies.
Intelligence Agencies Sound the Alarm
Poland’s Military Counterintelligence Service (SKW) and the Internal Security Agency (ABW) have issued warnings about coordinated attacks targeting companies involved in maritime, rail, and air transport, air traffic control, logistics centers, and IT service providers. The objective of Russian-affiliated hackers, often linked to GRU intelligence, is to obtain sensitive data—especially information about the routes, schedules, senders, and recipients of military equipment deliveries. Such intelligence could be weaponized in operations against Ukraine and its allies.
“All these incidents share a common goal: to disrupt state operations to varying degrees. In today’s geopolitical climate, this directly impacts strategic security,” said Wojciech Głażewski, Country Manager at Check Point Software Poland. “The intent is to destabilize public institutions and instill fear in Poland, which is a key supporter of Ukraine.”
Coordinated Campaign by Russian Hacker Groups
Check Point Software previously reported that Poland’s critical infrastructure has been under sustained attack by threat actors tied to Russia’s GRU Unit 26165—better known as APT28 or “Fancy Bear”—along with groups such as KillNet, NoName057(16), Cyber Army of Russia, APT44, and others. Since 2022, these groups have been conducting a wide-ranging cyber espionage campaign against countries supporting Ukraine.
Most Active Pro-Russian Groups in 2025:
- APT CopyCop – targets media outlets, spreading disinformation and fake content.
- Storm-1679 – disseminates manipulated narratives based on real events.
- Storm-1516 – created over 100 fake news websites publishing propaganda about German politicians and domestic affairs.
- APT44 (Sandworm) – a highly advanced group combining cyberattacks with psychological operations.
- KillNet, NoName057(16), Cyber Army of Russia – responsible for large-scale DDoS attacks and other disruptions against critical infrastructure in Ukraine and allied nations, including Poland.
“Russians are even hijacking civilian devices such as private IP cameras—without the owners’ knowledge,” intelligence agencies warned. Attempts to manipulate software supply chains have also been detected and blocked.
International Condemnation and Collaboration
Governments around the world—including the U.S., U.K., Germany, Czech Republic, Australia, Canada, Denmark, Estonia, France, and the Netherlands—have issued official statements regarding malicious activities by Russian cyber operatives.
Russia: The Greatest Cyber Threat to Poland
Experts at Embroker emphasize that Russia remains the most significant source of cybercrime, driven by an entrenched organized crime network, direct government support (notably from the GRU), and a lack of enforcement mechanisms.
“Russia’s leadership sees cyber and information warfare as core pillars of its military and intelligence strategy,” noted cybersecurity expert Justin Sherman in an article for the Atlantic Council.
Poland ranks among Central Europe’s most frequently attacked nations, especially in the public utilities, transport, and government-military sectors. These sectors suffer over 1,850 attacks per month, on par with the Czech Republic and Hungary, and significantly higher than in Slovakia (1,400) or Germany (1,300), according to Check Point data.
A Growing Global Cyber Threat
The global cybersecurity landscape is rapidly deteriorating. With 5.5 billion internet users, 15 billion IoT devices, widespread mobile access, and fast-developing AI technologies, the digital attack surface continues to expand.
Check Point’s experts highlight new cyberattack vectors in 2025—compromised routers, VPNs, and other network devices now serve as primary entry points. In 2024 alone, over 200,000 devices were hijacked by sophisticated botnets such as Raptor Train. Alarmingly, 96% of attacks exploited vulnerabilities that were known prior to 2024.
New Tactics: Deception and Diplomacy
Russian hackers are also evolving their strategies. In April, Check Point uncovered a campaign where attackers impersonated the foreign ministry of a European country, sending out fake invitations to exclusive diplomatic wine-tasting events. The emails contained links that, while appearing legitimate, led to the installation of spyware.
The Road Ahead: Strengthening Cyber Defense
The surge in attacks is not only a challenge for individual firms but also for national security systems. Cybercriminals are becoming more skilled, bolder, better funded, and more tightly organized.
“With cyberattacks rising, we urgently need a robust defensive strategy grounded in international cooperation, real-time information sharing, and cutting-edge protective technologies. Whether Poland and its neighbors can withstand the pressure and strengthen their cyber resilience in the face of future attacks remains to be seen,” concluded Wojciech Głażewski, Check Point Software Technologies’ director in Poland.