Hackers targeted Poland’s National Centre for Nuclear Research

Hackers targeted Poland’s National Centre for Nuclear Research, but security systems detected and blocked the attack before any damage.

The National Centre for Nuclear Research in Poland reported a cyberattack on its IT infrastructure. The intrusion attempt was quickly detected by security systems, allowing staff to secure the targeted systems and prevent any operational impact.

“The National Centre for Nuclear Research announces that an attempted cyberattack on the Institute’s IT infrastructure recently occurred.” reads the press release published by the NCBJ. “Thanks to the rapid and effective actions of our security systems and procedures, as well as the rapid response of our teams, the attack was thwarted, and the integrity of the systems was not compromised.”

The National Centre for Nuclear Research (NCBJ) is Poland’s leading nuclear science institute. It conducts research in nuclear energy, physics, and technology and operates the MARIA reactor, one of Europe’s most powerful research reactors. The MARIA reactor at the National Centre for Nuclear Research is a high-flux research reactor used for scientific experiments, nuclear physics research, isotope production, and training. It plays a central role in Poland’s nuclear research and serves both domestic and international scientific projects.

According to Director Jakub Kupecki, no production, research, or operational activities were disrupted and the MARIA reactor continues to operate safely at full power.

The institute is coordinating its response with several government bodies, including NASK-PIB, the Ministry of Digital Affairs, Deputy Prime Minister Krzysztof Gawkowski, and the Ministry of Energy to ensure the highest level of protection for critical infrastructure.

“The situation is being continuously monitored by the appropriate services and security teams. The National Centre for Nuclear Research remains fully prepared to respond to any attempts to breach the country’s digital security and critical infrastructure.” concludes the press release. “We emphasize that the National Centre for Nuclear Research is operating without disruptions and the MARIA nuclear reactor is safe.”

According to Reuters, the Polish government is investigating signs that Iran may be behind the attack, while cautioning that these indicators could be a deliberate misdirection to conceal the attackers’ true origin.

Minister for Digital Affairs ​Krzysztof Gawkowski revealed that the attack took place “in the ​past few days”.

“The attack may not have been on a huge ​scale, but there was an attempt to break through the security that was stopped. Appropriate services are already working”, Gawkowski said.

“The first identifications of the entry vectors, i.e. those places ​from which (the centre) was attacked, are related to Iran,” he said. “When there is ‌final ⁠information and the services will check it, we will verify it, but there are many indications that it took place on the territory of Iran.”

In January, ESET linked a late-2025 cyberattack on Poland’s energy system to the Russia-linked Sandworm APT. The Russia-linked APT group launched what was described as the largest cyber attack on Poland’s power grid in Dec 2025.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Poland)