China is emerging as an increasingly significant threat to Poland’s cybersecurity, driven by a surge in cyberattacks targeting critical infrastructure and government institutions.
According to CyberDefence24, a recent report by CSIRT GOV highlights a notable increase in the activity of Chinese-linked hacker groups throughout 2024, including APT15 and UAC-0050 (DaVinci). These groups have been implicated in a series of cyber operations aimed at compromising critical infrastructure, public sector entities, and private enterprises across the country.
It was determined that a server belonging to a Polish transport company established a connection with a system controlled by the APT15 threat group. This connection enabled the attackers to deploy PlugX malware, facilitating remote access and control over the targeted systems.
Using advanced techniques, the attackers injected a piece of malicious code that enabled remote control of the server, data exfiltration, and the compromise of administrative accounts.
The identified PlugX trojan is characteristic of attacks carried out by Chinese hacker groups.
Meanwhile, another group—UAC-0050 (DaVinci)—is conducting phishing campaigns by distributing emails with attachments that install remote access software.
These attacks are targeting the financial sector and aim to intimidate the public through false messages about explosions.
During the vulnerability assessment process, it was discovered that hacker groups exploit weaknesses in TP-Link routers—commonly used in small office environments—to carry out password spraying attacks on services such as Microsoft 365.
Militarnyi previously reported that the Czech government had accused China of a cyberattack targeting the Ministry of Foreign Affairs, which had been ongoing since 2022.
The activity was uncovered as a result of an investigation. In light of information about the prolonged cyber campaign, Czech Foreign Minister Jan Lipavský summoned the Chinese ambassador.
Later, Minister Lipavský wrote on the social media platform X that he had summoned the Chinese ambassador to make it clear that “such hostile actions have serious consequences for bilateral relations.”