Poland’s National Centre for Nuclear Research (NCBJ) says hackers targeted its IT infrastructure, but the attack was detected and blocked before causing any impact.

In a statement this week, the organization announced that its security systems and internal procedures, designed to detect threats early, prevented the compromise and allowed its IT staff to quickly secure targeted systems.

“Thanks to the rapid and effective actions of security systems and procedures in the event of such an incident, as well as the quick response of our teams, the attack was thwarted, and the integrity of the systems was not compromised," the NCBJ says.

NCBJ is Poland’s main government nuclear research institute specializing in nuclear physics, reactor technology, particle physics, and radiation applications. It provides technical and scientific support for the country’s nuclear power program.

The institute also operates the MARIA, Poland’s only nuclear reactor used for scientific experiments, neutron research, and medical isotope production. MARIA is not used for generating electricity.

NCBJ’s Director, Professor Jakub Kupecki, stated that the cybersecurity incident did not impact the operation of the MARIA reactor, which continues to function safely at full power.

The institute has informed the relevant authorities in the country and started an investigation. Additionally, internal security teams have been placed on high alert to respond to any new threats.

Although the agency did not attribute the attack to any specific threat groups or nations, Reuters reported that Polish authorities found indicators that Iran may be behind the cyberattack. However, investigators are also cautious, as these signs may be false flags.

Earlier this month, the country’s Defense Minister, Wladyslaw Kosiniak-Kamysz, stated that Poland is not participating in the conflict in the Middle East.

Earlier this year, in January, it was revealed that Poland’s power grid, specifically, multiple distributed energy resource (DER) sites, heat and power (CHP) facilities, wind, and solar dispatch systems, had been attacked by the Russian threat group APT44 (“Sandworm”).

In late February, an ICCT report placed Poland high in the target list of Russian cyber-actors, with 31 confirmed incidents attributed to them between mid-2025 and early-2026.