Hackers break into Polish banks through government regulator charged with bank security standards

Warsaw, Poland. (Kamil Porembiński/Flickr CC BY SA 2.0)

Polish banks have spent the last week searching for hackers who broke into several of the country’s financial institutions in an incident that looks to be three months old, according to Polish media.

The malware infection appears to have come through — of all things — compromised servers at the Polish financial regulator KNF, which is responsible for enforcing security standards in the banking industry.

The hackers stole no money. Instead, they exfiltrated large amounts of unidentified encrypted data, according to new reports from Polish and English-language media including and Bad Cyber.

“What we know so far is this is likely the most serious incident in the history of Polish banking industry,” Lukasz Olejnik, a security and privacy consultant and a researcher at University College London, told CyberScoop.


The identity of the attackers is unknown. The hack is being called the most serious attack in Polish history, a sophisticated operation requiring a well-resourced group to design and deploy new malware that hit servers and employees, according to analysis from Bad Cyber.

Because no money was stolen, Polish media report that Polish officials suspect the attack was a foreign intelligence operation. The Bad Cyber report traces the malware to an external JavaScript file hosted on a KNF web server.

The KNF website went offline around noon Thursday. After it returned, spokesman Jacek Barszczewski told Polish media that “work of the office is being carried out unimpeded.” It’s unclear if the two events are related.

Although systems were likely compromised since October 2016, the banks detected an intrusion only about a week ago when they spotted large amounts of outgoing encrypted data and unknown encrypted executables on several workstations.

The Polish Financial Supervision Authority (KNF) acknowledged the attack in public on Friday but has released little information.


Barszczewski told Polish media that the operation of Polish banks is completely unthreatened. That is a tough assertion to make with certainty when the nature of the data exfiltrated from the banks’ systems is still unknown, investigations at several major financial institutions are still ongoing, and the number of victims is expected to rise.

The malware acted as a RAT, a remote access tool, giving the attackers complete control over the targeted machines and their data.

“The regulator is responsible for setting security standards in the banking industry,” Olejnik said. “But it has shown that it is not enforcing standards internally.”

Just this week, Poland was the site of the largest U.S. military deployment to Europe since the end of the Cold War. The 87 tanks, 144 armored vehicles and 3,500 troops were a move designed to send a message of deterrence to Russia as Eastern European nations express worry about President Donald Trump’s commitment to NATO while Moscow grows more aggressive. The war in Ukraine has intensified over the last several months.