The Polish Space Agency (POLSA) is currently dealing with a “cybersecurity incident,” it confirmed via its X account on Sunday.
POLSA didn’t reveal much in the way of details about what’s going on, other than that the agency “immediately disconnected” its own network after discovering an intrusion into its systems. The social media post suggests this measure was taken to safeguard the security of its data.
Language like this is often seen in ransomware disclosure notices, although there is no indication that the event involves ransomware at this time. Pulling systems offline suggests POLSA was trying to eradicate a rogue user in the network and/or potentially stop the flow of data out of its servers.
The agency added that regulators and authorities have been alerted to the situation and its investigation into the attack remains ongoing.
The Register contacted POLSA for an update but it did not respond immediately. However, sources inside the agency, who asked to remain anonymous, claimed the attack appears to be related to an internal email compromise and that staff are being told to use phones for communication instead.
At the time of writing, POLSA’s website is unreachable and updates are coming from its X account.
Also confirming the attack via X, Poland’s digitalization minister Krzysztof Gawkowski said “intensive operational activities” were underway to identify who was behind the attack.
Gawkowski also said CSIRT NASK and CSIRT MON, two of the three state computer security incident response teams in Poland, are helping POLSA fend off the attack. The teams belong to Poland’s National Research Institute and the Ministry of National Defence respectively.
Founded in 2014, Gdańsk-based POLSA is part of the European Space Agency (ESA) and oversees the country’s contribution to space exploration and development of technology such as satellites.
It also facilitates the collaboration between academia and industry members, and helps Polish aerospace companies access funding from the ESA. ®