Poland’s Minister of Digital Affairs, Krzysztof Gawkowski, has reported a marked increase in cyberattacks targeting the country’s critical infrastructure and attributed much of the activity to Russia.
In an interview published on 10 October, Gawkowski said Russian military intelligence had trebled resources dedicated to hostile operations against Poland in 2025. He added that Poland had identified 170,000 cyber incidents in the first three quarters of the year, with a significant share linked to Russian actors and the remainder largely financially motivated.
According to the minister, national systems are confronted with between 2,000 and 4,000 cyber incidents daily. Of these, roughly 700–1,000 are deemed serious enough to require action because they pose a real threat or could lead to severe consequences. Gawkowski said foreign operators had widened their focus from water and wastewater networks to the energy sector, but he did not provide detailed figures on the scale of Russian activity, citing intelligence sources. Russia has repeatedly denied involvement in cyber operations against Poland.
The minister also described a coordinated information operation that coincided with a Russian drone incursion into Polish airspace on the night of 10–11 September. He said Polish cyberspace was “flooded” with false claims that Ukraine had launched drones to provoke conflict, and that dormant bot networks were reactivated to amplify the narrative. Polish officials have previously stated that, as a close supporter of Ukraine, the country remains a principal target for Russian hybrid activity within NATO.
The warning from Warsaw comes amid a series of cyber incidents affecting European public services and transport. On Saturday 20 September, a cyberattack on the MUSE check-in and boarding platform used by multiple carriers caused disruptions at major European airports—including Heathrow, Brussels, Berlin and Dublin—forcing manual procedures and prompting cancellations and delays that carried over into the following day at some hubs. Investigations have pointed to a cyber-related disruption at Collins Aerospace, the system provider.
Further north, Latvian government websites were hit by a large distributed denial-of-service (DDoS) attack on 2 October. Latvia’s State Radio and Television Centre (LVRTC) said the incident briefly knocked out access to several national portals, including the State Revenue Service and the government’s main site, with most services restored within about an hour. LVRTC reported peak malicious traffic at roughly two million requests per second and said no data breach had been detected.
Gawkowski’s remarks align with wider European assessments that Russia has intensified “grey-zone” pressure—combining cyber operations, disinformation, and acts of sabotage—since early autumn. European Commission President Ursula von der Leyen said this week that EU states are facing a targeted campaign involving airspace violations, drone overflights and cyberattacks, and called for coordinated counter-measures, including improved anti-drone defences.
Poland has invested in sectoral cyber defences since repeated waves of attacks began after Russia’s full-scale invasion of Ukraine in 2022. The latest figures suggest the threat tempo has increased further in 2025. While the ministry did not publish a sectoral breakdown for the 170,000 incidents recorded to the end of September, the minister’s reference to energy infrastructure indicates a shift towards systems whose disruption could have immediate public impact.
First published on defencematteres.eu.
