Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Polish government investigates Russia-linked cyberattack on state news agency

The Polish government is investigating a potential connection between Russia and a cyberattack on the country’s state news agency. The Polish government is investigating a suspected link between Russia and the cyberattack on the country’s state news agency Polish Press Agency (PAP). “The Polish Press Agency (PAP) has been hit by a cyberattack; all pertinent […]

APT28

The Polish government is investigating a potential connection between Russia and a cyberattack on the country’s state news agency.

The Polish government is investigating a suspected link between Russia and the cyberattack on the country’s state news agency Polish Press Agency (PAP).

“The Polish Press Agency (PAP) has been hit by a cyberattack; all pertinent information regarding this critical incident is currently being provided to the relevant authorities,” PAP’s liquidator Marek Blonski and PAP’s editor-in-chief Wojciech Tumidalski wrote in a joint statement. “We are working to strengthen the security of all our systems and services,” Blonski and Tumidalski added. 

The attack on the Polish Press Agency (PAP) occurred in May and aimed at spreading disinformation and destabilizing the country.

Authorities believe that a fake news report on Poland’s national news agency, claiming that Prime Minister Donald Tusk was mobilizing 200,000 men starting on July 1, was likely created by Russia-sponsored hackers. The attack appeared to be an attempt to interfere with the upcoming European Parliament election.

“Everything indicates that we are dealing with a cyberattack directed from the Russian side,” said Krzysztof Gawkowski, a deputy prime minister who also holds the digital affairs portfolio. “The goal is disinformation ahead of (European Parliament) elections and a paralysis of the society.”

Two fabricated reports about a partial mobilization in Poland starting on July 1, 2024, were released on the PAP service on a Friday afternoon. PAP clarified that they were not the source of these reports, and promptly annulled and withdrawn them.

Polish authorities suspect that Russia carried out the attack. 

PAP CEO Marek Błoński condemned the attack.

“We are committed to clarifying the issue in collaboration with the appropriate state services”, Błoński said.

Polish media outlets, including Polskie Radio, have reported frequent targeting by Russian hackers, with Polish companies experiencing over 1,400 attacks weekly.

The Russian embassy in Warsaw told Reuters it had no knowledge of the incident and declined further comment.

In May, CERT Polska and CSIRT MON teams issued a warning about a large-scale malware campaign targeting Polish government institutions, allegedly orchestrated by the Russia-linked APT28 group.

The attribution of the attacks to the Russian APT is based on similarities with TTPs employed by APT28 in attacks against Ukrainian entities.

“the CERT Polska (CSIRT NASK) and CSIRT MON teams observed a large-scale malware campaign targeting Polish government institutions.” reads the alert. “Based on technical indicators and similarity to attacks described in the past (e.g. on Ukrainian entities), the campaign can be associated with the APT28 activity set, which is associated with Main Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU).”

Pierluigi Paganini

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

(SecurityAffairs – hacking, Polish government)