Cyberattack on NCBJ: Traces Lead to Iran
Hackers attacked the National Centre for Nuclear Research in Świerk, Poland, but Polish security systems repelled the attack. Minister Gawkowski pointed to an Iranian connection, but investigators are not ruling out false flags.
Attack on Poland's Only Operating Reactor
Polish cybersecurity services have repelled a hacking attack aimed at the National Centre for Nuclear Research (NCBJ) in Świerk near Warsaw – the only facility in the country with an operating nuclear reactor. The incident was announced on March 12, 2026, by Deputy Prime Minister and Minister of Digital Affairs Krzysztof Gawkowski, who emphasized that initial analyses indicate an Iranian connection.
What Do We Know About the Attack?
Hackers attempted to breach the digital security of the center's IT infrastructure. The attack was detected and blocked by security systems before any damage occurred. "It was not a particularly large attack in scale, but there was an attempt to breach security, which was stopped," said Minister Gawkowski during a podcast on TVN24+.
NCBJ Director Jakub Kupecki confirmed that all security systems functioned according to procedures. Data integrity was not compromised, and the MARIA research reactor – the only operating one in Poland – continued to operate safely at full power throughout. There were no disruptions to research or operational processes. In response to the incident, the NCBJ, NASK-PIB, the Ministry of Digital Affairs, and the Ministry of Energy cooperated.
Iranian Connection – But How Certain?
Deputy Prime Minister Gawkowski indicated that "the first identifications of entry vectors are related to Iran," while cautioning that this may be a deliberate camouflage of the true perpetrator. Energy Minister Miłosz Motyka took a similar stance – he confirmed the Iranian lead but emphasized that investigators are not ruling out false flags. Accurate attribution requires further investigation by Polish special services, which may take several days.
Context: Escalation of Cyberwarfare
The incident fits into an alarming trend of global cyberwarfare escalation linked to the Middle East conflict. On February 28, 2026, the United States and Israel conducted joint military strikes on Iran. In the following hours, Iranian hacking groups – both state-sponsored and regime-affiliated – increased activity against targets in the West.
According to analysts at Palo Alto Networks (Unit 42), Iranian groups have been intensively attacking critical infrastructure since the beginning of 2026: energy systems, research institutions, and government networks in Europe and North America. Experts warn that Iran is increasingly using artificial intelligence to accelerate and improve offensive campaigns – cyberattacks have become an integral part of Iran's retaliatory strategy.
Why is NCBJ a Valuable Target?
The MARIA reactor, operating in Świerk since 1974, is a key element of Poland's scientific infrastructure. The center conducts research in nuclear physics, reactor technology, and radiation applications, and also supports the national nuclear energy program. A potentially successful attack would mean the risk of sabotaging research or acquiring sensitive technological data.
Poland has been a target of hackers linked to Russia for years, but the incident at NCBJ signals that the country is becoming a target for an increasingly wider range of state actors. As an active NATO ally supporting Ukraine, Poland is strategically exposed to cyber aggression from many directions.
Defense Worked – Threat Remains
Repelling the attack is good news – Polish procedures and security systems proved effective. However, the incident is a signal that critical nuclear infrastructure is becoming a desirable target in the era of geopolitical cyberwarfare. The results of the ongoing investigation may have serious consequences for Polish cybersecurity policy and diplomatic relations with Tehran.
