The Polish Space Agency (POLSA) suffered a cyberattack last week, it confirmed on X. The agency didn’t disclose any further information, except that it “immediately disconnected” the agency network after finding that the systems were hacked. The social media post indicates the step was taken to protect data.
US News said “Warsaw has repeatedly accused Moscow of attempting to destabilise Poland because of its role in supplying military aid to its neighbour Ukraine, allegations Russia has dismissed.” POLSA has been offline since to control the breach of its IT infrastructure.
After discovering the attack, POLSA reported the breach to concerned authorities and started an investigation to measure the impact. Regarding the cybersecurity incident, POLSA said “relevant services and institutions have been informed.”
POLSA didn’t reveal the nature of the security attack and has not attributed the breach to any attacker. "In order to secure data after the hack, the POLSA network was immediately disconnected from the Internet. We will keep you updated."
While no further info has been out since Sunday, internal sources told The Register that the “attack appears to be related to an internal email compromise” and that the staff “are being told to use phones for communication instead.”
POLSA is currently working with the Polish Military Computer Security Incident Response Team (CSIRT MON) and the Polish Computer Security Incident Response Team (CSIRT NASK) to patch affected services.
Commenting on the incident, Poland's Minister of Digital Affairs, Krzysztof Gawkowski, said the “systems under attack were secured. CSIRT NASK, together with CSIRT MON, supports POLSA in activities aimed at restoring the operational functioning of the Agency.” On finding the source, he said, “Intensive operational activities are also underway to identify who is behind the cyberattack. We will publish further information on this matter on an ongoing basis.”
A European Space Agency (ESA) member, POLSA was established in September 2014. It aims to support the Polish space industry and strengthen Polish defense capabilities via satellite systems. The agency also helps Polish entrepreneurs get funds from ESA and also works with the EU, other ESA members and countries on different space exploration projects.
OpenAI has admitted that developing ChatGPT would not have been feasible without the use of copyrighted content to train its algorithms. It is widely known that artificial intelligence (AI) systems heavily rely on social media content for their development. In fact, AI has become an essential tool for many social media platforms.
X, the social media platform formerly known as Twitter, recently grappled with a significant security flaw within its iOS app. The issue involved an automatic alteration of Twitter.com links to X.com links within Xeets, causing widespread concern among users. While the intention behind this change was to maintain brand consistency, the execution resulted in potential security vulnerabilities.
The flaw originated from a feature that indiscriminately replaced any instance of "Twitter" in a URL with "X," regardless of its context. This meant that legitimate URLs containing the word "Twitter" were also affected, leading to situations where users unknowingly promoted malicious websites. For example, a seemingly harmless link like netflitwitter[.]com would be displayed as Netflix.com but actually redirect users to a potentially harmful site.
The implications of this flaw were significant, as it could have facilitated phishing campaigns or distributed malware under the guise of reputable brands such as Netflix or Roblox. Despite the severity of the issue, X chose not to address it publicly, likely in an attempt to mitigate negative attention.
The glitch persisted for at least nine hours, possibly longer, before it was eventually rectified. Subsequent tests confirmed that URLs are now displaying correctly, indicating that the issue has been resolved. However, it's important to note that the auto-change policy does not apply when the domain is written in all caps.
This incident underscores the importance of thorough testing and quality assurance in software development, particularly for platforms with large user bases. It serves as a reminder for users to exercise caution when clicking on links, even if they appear to be from trusted sources.
To better understand how platforms like X operate and maintain user trust, it's essential to consider the broader context of content personalization. Profiles on X are utilised to tailor content presentation, potentially reordering material to better match individual interests. This customization considers users' activity across various platforms, reflecting their interests and characteristics. While content personalization enhances user experience, incidents like the recent security flaw highlight the importance of balancing personalization with user privacy and security concerns.
By bringing attention to a fresh cybercrime strategy, a marketing expert from Chennai has assisted others in avoiding the scam. Lavanya Mohan, the woman, talked about her experience on X, (formerly Twitter). She said how she got a call saying that someone was using her Aadhaar card to carry drugs over international borders.
The woman said she had recently read in the news about how two residents of Gurugram were conned out of almost Rs 2 crores by cybercriminals who tricked FedEx executives and cybercrime branch experts into calling people and pretending their Aadhar cards were being used to smuggle drugs into Thailand.
Mohan described her conversation with the fraudsters in a series of X threads posted on her social media account, @lavsmohan. The caller, who was impersonating a customer service agent from a delivery company (FedEx, in Mohan's case), had concocted a story about a package that was supposed to be shipped with drugs from Thailand using her Aadhar ID.
Even more phony data were provided by the fraudster, such as shipment information, a forged FIR number, and even a phony employee ID, to increase the impression of urgency and validity. The caller then warned her about "rising scams" and offered to put her in touch with a customs official to settle the matter.
In her post, Mohan went into further detail about what had happened and expressed her knowledge, saying, "Ma'am, if you don't go ahead with the complaint, your Aadhar will continue to be misused so let me connect you right away with the cyber crime branch." "Threatening consequences + urgency = scam," she continued.
Mohan revealed how she was made aware of the news from Gurugram two weeks prior, when two men lost Rs 1.3 crores and Rs 56 lakhs, respectively, to scammers.
But Mohan held ground and refrained from succumbing to the conman's manipulations. She refused to speak with the caller any further and withheld any personal information, telling them she would wait for police officers to get in touch with her and hang up. She saw the warning signs, which included unwanted calls, threats of legal consequences, and attempts to pressure her into acting quickly.
In response to the crime occurrence, Mohan wrote: "The amount of information he had to provide me is concerning. Their approach is to put you in contact with the police, who then assert that your ID has connections to the criminal underworld." She further stated, "People are losing their hard-earned money and they can't be blamed because these scams are growing more sophisticated."
Following the cybercrimes on Wednesday that used FedEx's name, the business made it clear in an informative statement that it only phones consumers to inquire about shipped products if the client specifically wants to do so.
The company's statement went on to caution that anyone should notify local law officials right away and report any strange calls or messages requesting personal information to the cybercrime.
A similar instance of a "sophisticated" cyber scam was brought to light by well-known Bollywood actress Anjali Patil, who has starred in movies including Newton and Mirzya. The actor was defrauded of Rs 5.79 lakhs in a similar, widely publicized "drug parcel scam" in December 2023.