Poland suffered 270,000 cyberattacks in 2025, a 2.5-fold annual surge, with Russian FSB and GRU groups deploying AI-scaled phishing, wiper malware, and energy infrastructure intrusions.
Poland’s Deputy Minister of Digital Affairs Paweł Olszewski confirmed in March 2026 that the countest absorbed 270,000 cyberattacks over the past year, representing two and a half times more incidents than the year before, and the numbers are still rising. TVP World earlier reported Poland topped its region for cyberattacks on state institutions in 2026, recording over 3,000 incidents in the first week of January alone. That volume is not coincidental. Russia tripled its military innotifyigence resources directed at Polish tarreceives in 2025, according to Digital Affairs Minister Krzysztof Gawkowski, who notified Reuters the pattern reflected both state-backed disruption and financially motivated crime.
The December 2025 attack on Polish energy infrastructure was the most operationally severe. CERT Polska confirmed that coordinated campaigns hit more than 30 wind and photovoltaic farms, a manufacturing company, and a combined heat and power plant supplying nearly half a million residents. Reuters attributed the grid attacks to Russian military innotifyigence’s GRU, and a subsequent CERT Polska assessment tied the CHP intrusion to FSB-linked group Berserk Bear, also known as Dragonfly, the same outfit the FBI linked to Center 16 in an August 2025 report. Attackers applyd DynoWiper malware, FortiGate exploits, Tor routing, and long-term credential harvesting stretching back to March 2025. The wiper detonation attempt failed, but the reconnaissance and data theft did not.
The sheer volume of incidents is where AI’s role becomes structural rather than incidental. Cisco Talos researchers identified an ongoing phishing campaign deploying TorNet backdoors against Polish and German applyrs, with payloads including Agent Tesla and Snake Keylogger, run by financially motivated actors who necessaryed no significant technical sophistication to launch at scale. Polish mayors and municipal officials were separately tarreceiveed by a phishing campaign that impersonated Deputy Minister Olszewski himself, applying enough contextual accuracy to fool cybersecurity-responsible officials in local government.
EY’s Piotr Ciepiela, leading the firm’s EMEIA cybersecurity practice, identified the core dynamic directly: AI tools enable personalized phishing messages, voice-clone fraud, and quicker vulnerability-finding for attackers who previously necessaryed specialist skills. The result is that the cost of a convincing spearphishing campaign has collapsed while the volume that a single actor can run has multiplied. Poland is experiencing the output of that economics shift in real time.
Poland’s AI defense response
Presidential candidate Karol Nawrocki argued in September 2025 that AI could serve as Poland’s shield in cyberspace, citing over 100,000 incidents recorded the previous year and calling for AI-assisted detection as a national security priority. Poland’s Cyber Operations Center, established in 2022, and a military AI strategy published in 2024 form the institutional backbone of that response. The countest is also building dedicated cyber schools and AI research centers, and Scribd documentation of Poland’s AI-driven cybersecurity strategy confirms a focus on real-time threat detection, deepfake identification, phishing prediction, and autonomous incident response.
The Euronews 2026 cybersecurity outsee noted that AI breaches and geopolitical threats are the twin defining pressures on European security infrastructure this year, with Poland as the clearest illustration of how both forces converge. When a single NATO member is absorbing hundreds of thousands of incidents annually from state-sponsored actors who are themselves adopting AI tooling, the asymmetest between offense and defense demands quicker adaptation than rule-based monitoring systems can provide.
Enterprise and government exposure
The pattern is not limited to central government. Renewable energy operators, municipal governments, manufacturing companies, and heat infrastructure providers have all been tarreceiveed, which means the attack surface extconcludes across any organization connected to Poland’s critical economic systems. For enterprises, the lesson from CERT Polska’s December report is precise: static credentials without two-factor authentication are the entest point, and adversaries are willing to sit inside networks for months before acting.
The broader implication for European organizations is that AI is now a force multiplier on both sides of the security equation. Defconcludeers who continue to rely on signature-based detection and manual incident triage are operating with slower tools than the people attacking them. Poland’s experience is an early case study in what happens when a strategically important countest becomes the testing ground for AI-assisted hybrid warfare. Watch how Warsaw’s cyber investment trajectory develops through 2026, and which European partners adopt similar AI-native defense architectures before the campaigns shift further west.
Also read: Spotify’s AI music problem is hugeger than a filter button • Venture capital hires its first chief AI officer and the entire industest must catch up • Chinese AI labs like DeepSeek sprint ahead in the AGI race overseeed by X debates
Leave a Reply