Event 354

{
  "attack_type": "Cyberattack",
  "border_violation_countries": [
    "PL",
    "Air"
  ],
  "category": "Cyber",
  "confidence": "Low",
  "confidence_rationale": "Multiple direct quotes from Polish authorities (NASK, ministry) and technical specifics of the attack were cited; the attribution to Fancy Bear/APT28 is consistent with previous campaign patterns.",
  "countries": [
    "Poland",
    "Russia",
    "Unknown"
  ],
  "country": "Poland",
  "defense_prep": {},
  "description": "Polish government bodies were targeted this week by a Russian cyber-espionage group APT28, which launched a malware campaign exploiting Polish government institutions. The attack involved spear-phishing emails referencing an alleged 'mysterious Ukrainian woman in Warsaw,' which, when clicked, downloaded malware.",
  "event_time_utc": "2024-05-09T12:00:00Z",
  "evidence": [
    "NASK confirmed a large-scale malware campaign exploiting Polish government institutions.",
    "Spear-phishing emails used social engineering about a 'mysterious Ukrainian woman in Warsaw' to lure victims.",
    "When clicking the provided link, malware was downloaded to victims' devices.",
    "Fancy Bear/APT28 identified as the actor, with a history of targeting Western governments."
  ],
  "evidence_quotes": [
    "Polish government bodies have been targeted this week by Fancy Bear (also known as APT28), a Russian cyber espionage group working on behalf of the Kremlin, according to NASK, a Polish state research institute.",
    "NASK’s computer emergency response team said the cyberattack targeting Polish government response team 'observed a large-scale malware campaign exploiting Polish government institutions this week,' announced NASK on Wednesday.",
    "The attack involved the similarity to previous actions by Russian criminal entities, the emails claimed to be about an alleged 'mysterious Ukrainian woman in Warsaw' who has connections to the highest-ranking authorities in Poland and Ukraine.",
    "It then encouraged the reader to click a link to receive more information about her but which in fact downloaded malware onto their device.",
    "Earlier this week, Poland’s digital affairs minister, Krzysztof Gawkowski, declared that 'Poland is in a cyber cold war with Russia' and 'has been subject to very similar attacks in these heavily Ukraine-focused circumstances.'"
  ],
  "evidence_urls": [
    "https://notesfrompoland.com/2024/05/09/russian-hackers-target-polish-government-bodies/"
  ],
  "extra": {
    "category_raw": "Cyberattack",
    "extra": {
      "extra": {
        "extra": {
          "evidence": [
            "NASK confirmed a large-scale malware campaign exploiting Polish government institutions.",
            "Spear-phishing emails used social engineering about a 'mysterious Ukrainian woman in Warsaw' to lure victims.",
            "When clicking the provided link, malware was downloaded to victims' devices.",
            "Fancy Bear/APT28 identified as the actor, with a history of targeting Western governments."
          ]
        }
      }
    }
  },
  "follow_up_by_country": [],
  "headline": "Russian hackers target Polish government bodies",
  "media_assets": [
    {
      "description": "Screenshot capture",
      "type": "screenshot",
      "url": "/media/event_354_1763924225_9c28b435.jpg"
    }
  ],
  "notes": "?? Russian cyberattack by Fancy Bear on ?? Polish govt systems",
  "schema_version": "v1",
  "screenshot_count": 1,
  "sources": [
    "https://notesfrompoland.com/2024/05/09/russian-hackers-target-polish-government-bodies/"
  ],
  "summary_short": "Russian state-backed hackers targeted Polish government institutions with a sophisticated spear-phishing and malware campaign, according to official sources.",
  "url": "https://notesfrompoland.com/2024/05/09/russian-hackers-target-polish-government-bodies/"
}

{
  "5th Column of Russians Inside (which countries)": "",
  "Attack Type": "Cyberattack",
  "Borders Including Sea, Air,  Violation or Sabotage (which countries)": "PL Air",
  "Continuous? (e.g. Jammers)": "",
  "Country (FI;EE;LV;LT;PL;BSR;Air)\nSeparated by Semicolon": "PL;Air",
  "Date": "9-May-24",
  "Defense Prep Event (FI-EE-LV-LT-PL)": "",
  "Defense Prep Event (FI-EE-LV-LT-PL) REF LINK": "",
  "Follow-Up Link?  (FI,EE,LV,LT,PL, BSR, Air)": "",
  "Follow-Up NOTES": "",
  "Follow-Up incl. Investigation, Prosecution?  (FI,EE,LV,LT,PL, BSR, Air)": "",
  "Latitude, Longitude (WGS84, Decimal Degrees)": "",
  "NOTES": "?? Russian cyberattack by Fancy Bear on ?? Polish govt systems",
  "Political Disruptions w/ Laws to Favor Kremlin (which countries)": "",
  "Russian-Belarus Terrorist Event (FI-EE-LV-LT-PL)": "?? Russian cyberattack by Fancy Bear on ?? Polish govt systems",
  "Russian-Belarus Terrorist Event (FI-EE-LV-LT-PL) REF LINK": "https://notesfrompoland.com/2024/05/09/russian-hackers-target-polish-government-bodies/",
  "Screen Snapshot": "",
  "Screen Snapshots": "",
  "Type Dropdown": "",
  "Where?\n(Air, Land, Sea)": ""
}