Polish Space Agency (POLSA) hit by cybersecurity incident

The Polish Space Agency (POLSA) is currently responding to a cybersecurity incident that was confirmed via its Twitter account on Sunday. 

Following the discovery of an unauthorized intrusion into its systems, POLSA immediately disconnected its network from the internet to protect sensitive data and prevent further access.

Details about the nature of the attack remain limited, but the incident appears to be related to an internal email server compromise. Staff members have reportedly been instructed to use phones for communication instead of digital channels. The language used in POLSA's disclosure is similar to that seen in ransomware notices, although there is currently no confirmation that ransomware is involved in this particular incident.

The disconnection of systems suggests POLSA was attempting to potentially prevent data exfiltration from its servers. POLSA's website remains unreachable, with updates being communicated exclusively through its Twitter account.

Two of Poland's state computer security incident response teams—CSIRT NASK (National Research Institute) and CSIRT MON (Ministry of National Defence)—have been deployed to assist POLSA in responding to the incident and restoring normal operations.

The agency has notified relevant authorities and regulators, and an investigation into the attack is ongoing. POLSA has not provided detailed information regarding what specific data may have been compromised or the extent of the breach.