By Olha Hembik | 2025-06-17

WARSAW -- For more than two years, Russian military hackers have infiltrated Poland's digital infrastructure, tapping surveillance cameras at military sites and border crossings, tracking arms shipments to Ukraine and lurking in email systems tied to NATO's supply chain.

Unit 26165, part of the notorious Russian military intelligence agency known as the GRU, has conducted an extensive cyber-espionage campaign targeting Polish institutions since 2022, Poland's Ministry of Digital Affairs said in a release May 21.

Cybersecurity analysts have linked the unit, also known in the cybersecurity world as APT28, Fancy Bear, Forest Blizzard and Blue Delta, to a series of coordinated attacks focused on undermining Poland's role as a key logistical hub for aid to Ukraine.

The intrusions struck companies involved in defense supply chains and NATO-linked operations, including logistics hubs in Poland and Ukraine -- seaports, airports, air and rail networks and air traffic control systems -- as well as information technology (IT) service providers.

Hackers gained access to delivery schedules, as well as to data on transshipment points and on senders and recipients of military aid. In many cases, they maintained access to email accounts for months without detection.

A digital war

Piotr Kaszuwara, a Polish war correspondent and founder of the NGO Fundacja Przyszłość dla Ukrainy UA Future, has delivered humanitarian aid near the front lines since the start of Russia's full-scale invasion. This war is fought with tanks and missiles but also as an intensive propaganda campaign, he said.

"We've been seeing for a long time that Russia is waging this war against both Ukraine and its allies," Kaszuwara told Kontur.

He pointed to a digital front, where organized hacker groups are "resilience-testing Ukraine."

In the past, films portrayed hacker attacks as crimes aimed at stealing and selling information. "But now their goal is total destruction, and that's a problem," Kaszuwara said.

Cyberspace is now "where the real battle for states' security is being fought," Krzysztof Gawkowski, Poland's deputy prime minister and minister of Digital Affairs, said in a May release.

"The GRU's actions affect public institutions, companies and citizens. We must be vocal about this so no one is surprised when he [or she] is targeted. Our duty is to inform, warn and build resilience -- together, beyond borders," Gawkowski said.

Supporting Ukraine

Companies in the United States, Germany, Czechia, France, Italy, Greece, Bulgaria, Moldova, Romania and Slovakia are vulnerable to GRU cyberattacks too, a Polish report from May citing Warsaw's intelligence services said.

Threat notwithstanding, the attacks are not expected to weaken international support for Ukraine, said Piotr Kulpa, a former Polish deputy labor minister.

"Now support for Ukraine is a litmus test of the manifestation of Europe's solidarity, of how much we are able to stand together," Kulpa told Kontur.

Past inaction after Russia's aggression in Georgia and in parts of Ukraine such as Crimea, Luhansk and Donetsk "demonstrated that such attitudes cause hundreds of thousands of people to be killed," he emphasized.

"You just need to draw conclusions and bear responsibility for it. If we don't draw conclusions as the European Union, we won't be able to live within the bounds of a single economic and political space -- a space of joint security."

Global security challenges

Polish intelligence in the report denounced the GRU for using spearphishing tactics, posing as legitimate institutions via text messages or email, to install malware and steal login credentials from shipping company employees. It included specific internet protocol (IP) addresses used in the attacks.

Cybercriminals will become more effective as artificial intelligence (AI) evolves, Nikita Gladkikh, a US-based AI specialist, said. There will soon be a palpable threat of AI-controlled cyberattacks on Telegram, Discord and YouTube.

"This could usher in a new era of high-speed cyberwar, which to be countered will require AI-controlled defense systems that can respond with the speed of a machine," Gladkikh told Kontur. "All of this will create new global security challenges very soon."

The report offers mitigation steps for Polish companies, including software updates, stronger email protection, use of complex passwords and two-factor authentication, and secure control of IP cameras and of remote access.

Support for IT security

Poland has earmarked 271 million PLN (€63.6 million) to strengthen IT security, train civil servants and invest in advanced technologies against cyberthreats, the Ministry of Digital Affairs announced May 21.

The funding will go to state institutions nationwide and aims to shield businesses from the fallout of cyberattacks.

"To avoid falling victim to Russian cyberattacks, private Polish companies need to take action to keep themselves safe. But they do have resources: they can connect with the Ministry of Digital Affairs or the Digital Poland Association [Związek Cyfrowa Polska] and find information on how to combat such cyberattacks," Kaszuwara said.

Poland has also introduced digital literacy initiatives for youth. The Polish Scouting and Guiding Association launched an online education program teaching critical thinking, password security and ways of tracking data breaches.

Every scout learns how to report disinformation.

Business owners -- public or private -- must take personal responsibility for server security, said Kaszuwara.

"As a state, we aren't yet prepared for this kind of war," he warned.