Since the beginning of June, two channels on the Russian messaging application “Telegram” have freely uploaded content originating from the private mailbox of the head of the Chancellery of the Polish Prime Minister Michał Dworczyk.
This content included analysis of solutions which would allow Belarusians to settle in Poland, correspondence with PM Mateusz Morawiecki and other members of government, and screenshots of Dworczyk’s private documents. There were also pictures of conversations which suggested that the government had considered using the military to secure the Women’s Strike in 2020.
On Thursday, however, these channels were removed from Telegram. A notice was posted which explained that the channels had broken the application’s terms and conditions.
According to portal Wirtualna Polska, employees from several departments of the Chancellery of the PM flooded Telegram and other institutions with emails to remove the content.
A key role was to have been played by one of the advisors from the department of cybersecurity. Telegram was allegedly “made aware” that maintaining both of the channels in question could threaten the application’s existence.
One undisclosed NATO country was to have helped Poland, since parts of Telegram’s infrastructure was located on its territory. The Americans also helped through Apple and Google, who threatened that they would remove the messaging app from their stores.
In early June, information appeared in Polish media that hackers had managed to break into Michał Dworczyk’s private email account. Since June 4, mails and screenshots from his account appeared on Telegram’s channels. Dworczyk himself informed Twitter that information and news partially stolen as a result of the hacker attack was being introduced to Polish public opinion through the “Telegram” app.
The cyberattack against Michał Dworczyk was not the only one in recent months. There was a whole series of hacker attacks against the email accounts of United Right politicians. Between October 2020 and January 2021, several accounts were taken over by the hackers.
According to American company Mandiant, the “Ghostwriter” group was responsible for the attacks. The group also stood behind a series of disinformation campaigns. Polish special services suspect that “Ghostwriter” was also responsible for the attack on Dworczyk’s email account.