Cyberattacks on Poland surged after election of pro-Ukraine government, NetScout says

Cyber attackers battered Poland after the country’s change of government late last year.

DDoS attacks at the end of 2023 were nearly quadruple the country’s average, according to cybersecurity firm NetScout’s observations.

The surge began when the Law and Justice party (PiS) lost its majority in last year’s Polish general election. PiS had ruled the country since 2015. It was replaced by a coalition government, which reaffirmed support for Ukraine’s defence against Russia’s invasion.

NetScout described these developments as “a perfect storm” for adversaries.

Several hacktivist gangs promptly responded with a barrage of cyberattacks. The most notable group was NoName057, which started targeting the nation in late December.

Richard Hummel, threat intelligence lead for NetScout, tied the increasing activity to the swearing-in of Donald Tusk as the new Polish premier. Tusk had repeatedly called for increased aid to Ukraine.

“This view stands in direct opposition to NoName057’s pro-Russian agenda, which sees the group attack nations that stand in the way of their ideals and goals — in this case, Poland’s opposition to Russia’s war against Ukraine,” Hummel told TNW.

The group hit various websites across both private and public sectors. The targets  included government administration, transportation and logistics, commercial banking, the judiciary, manufacturing, air transport, and media.  

A big chunk of the cyberattacks were botnet-driven, Hummel said. NoName057 had a particular predilection for botnets running a code called DDoSia, often from a public hosting infrastructure.

Another popular weapon was a technique called reflection/amplification.

“This type of attack is often easy and cheap to launch, as well as being readily accessible via booter and stresser services in the underground internet,” Hummel said.

Cyberattacks linked to global politics

The cyberattacks in Poland followed a common pattern.

During periods of national unrest, hacktivists frequently bombard their political opponents. Another recent example is last December’s salvo of DDoS attacks in Peru, which emerged after former president Alberto Fujimori was released from prison.

The war in Gaza has also triggered a surge in DDoS activity. Between the first and second halves of 2023, daily strikes grew more than tenfold.

“DDoS attacks often spike with a change of guard; we can expect plenty of similar attacks this year with so many significant elections taking place around the world,” Hummel said.

To mitigate the risks, Hummel advises organisations to employ capable DDoS defence systems. They should also ensure the software has advanced visibility into any potential threats — before they develop into political weapons.