Attempted Cyberattack on Poland’s MARIA Reactor IT Systems Thwarted

Poland’s National Centre for Nuclear Research (NCBJ) said that its internal defenses detected and blocked a cyber intrusion on March 12-13, 2026, before any operational impact occurred, according to reports from BleepingComputer and Security Affairs.

Jakub Kupecki, director of the NCBJ, told journalists that the institute’s protections worked as designed and that the MARIA research reactor continued to operate normally; Kupecki said the “security systems operated according to established procedures,” as reported by Politico.

Polish authorities, including the Ministry of Digital Affairs and NASK-PIB, activated a coordinated response with the Ministry of Energy and deputy prime minister’s office, Security Affairs reported, and the Ministry of Digital Affairs confirmed the incident to Politico.

Early technical analysis by Polish investigators found what they described as “entry vectors” and other “indicators” linked to infrastructure geolocated in Iran, Security Affairs and Politico reported; however, Polish officials cautioned that these signals may be deliberate false flags and that no full technical attribution has been published yet, according to BleepingComputer.

News outlets BleepingComputer and Security Affairs said no malware samples, payload hashes, or confirmed tools have been released publicly, and the NCBJ and Polish cybersecurity teams report no evidence of data exfiltration or compromise of operational technology networks tied to the reactor.

Cybersecurity context from reporting by BleepingComputer and an ICCT report shows Poland’s critical infrastructure has been repeatedly targeted in recent months; BleepingComputer noted a January 2026 campaign attributed to a Russian-linked group that targeted power systems, and an ICCT report cited multiple incidents affecting Polish energy and government networks since mid-2025.

Western intelligence warnings cited by Politico have also flagged an uptick in Iranian-linked offensive activity against critical infrastructure, which is why Polish investigators are treating the attribution cautiously while they examine logs, intrusion patterns, and any code artifacts, Politico and Security Affairs reported.

Polish authorities and NASK-PIB are continuing a forensic review and technical audits to confirm whether administrative IT or isolated research systems were targeted, and to ensure network segmentation and controls remain intact, according to statements summarized by BleepingComputer.

Security practitioners and Polish officials quoted in Security Affairs and BleepingComputer emphasize practical steps: keep detection and response capabilities tested, enforce multi-factor authentication and least-privilege access, and maintain clear separation between IT and OT environments. NASK-PIB and the NCBJ said they have raised alert levels and are sharing technical information with European partners, Politico reported.

The investigation is ongoing, Polish authorities told Politico, and officials stressed that while early signs point to certain infrastructure, definitive technical evidence for attribution has not been made public. Jakub Kupecki and the Ministry of Digital Affairs said they will publish more details as forensic work permits, according to Security Affairs.

This episode underscores how research and energy facilities remain attractive targets and why national and international coordination, from NCBJ to NASK-PIB and European cybersecurity bodies matters for rapid containment, researchers and officials told BleepingComputer and Politico.

#cybersecurity #Poland #nuclearsecurity #cyberattack #infosec