In June 2021, Poland’s Internal Security Agency said that a Russian state-linked group, known as UNC1151, was behind a recent hack-and-leak operation that compromised more than 4,350 email and social media accounts belonging to current and former government officials, reporters, and public figures in Poland. A Telegram channel that originated in Russia in 2013 leaked information from the hacks, including details from the Polish prime minister’s office relating to armaments purchases and the country’s coronavirus response. Polish security officials said the campaign was designed to amplify divisions within Poland and to strain ties between Poland and its Western partners. UNC1151 is responsible for a broader and ongoing influence campaign, dubbed “Ghostwriter,” that spreads disinformation critical of the North Atlantic Treaty Organization (NATO), according to the cybersecurity firm FireEye.
Russian-backed hackers target Polish government officials in hack-and-leak operation