Technology

Hackers are targeting Gmail users in Poland

Gmail users in Poland have become the target of one of the most active cybercriminal groups targeting Polish citizens. CERT Polska warns that for several months now, hackers have been conducting a large-scale phishing campaign aimed at gaining access to email accounts and associated online accounts.

Kuba Kowalczyk
2 Min Read
phishing cyberbezpieczenstwo

CERT Polska has issued a warning about a new wave of phishing attacks targeting Gmail users. The campaign is being carried out by the UNC1151 group, also known as Ghostwriter, which experts have for years linked to Belarus. It is one of the most active groups conducting cyber operations against Polish users and institutions.

According to CERT Polska, since March 2026, the attackers have been sending out fake messages impersonating Google security alerts with great intensity. Previously, the group focused mainly on users of Onet, WP and Interia email services, but now its activities are increasingly targeting Gmail users.

The attack scheme is relatively simple but effective. The victim receives a message informing them of an alleged login attempt, a security breach or the need for urgent account verification. The senders use addresses resembling official communications, such as “monitoring.konta@gmail.com” or “serwis.pomoc.techniczna@gmail.com”. Upon clicking the link, the user is taken to a page that looks strikingly similar to the Google login page.

On the fake site, not only the email address and password are phished, but also the second factor of authentication. This means that criminals can intercept both SMS codes and codes generated by authentication apps. According to experts, this type of attack allows for almost immediate account takeover. Similar techniques have also been observed in other campaigns attributed to UNC1151.

The compromised accounts are then searched for contacts, documents and information enabling access to further services, including social media accounts. The group’s targets include politicians, civil servants, journalists, academics and socially active individuals, though malicious messages may also reach random users.

Experts remind us that Google does not send security alerts from private addresses within the gmail.com domain. It is therefore crucial to check the sender, verify the login page address and exercise caution with messages that create a sense of urgency. Additional protection is provided by hardware security keys, which are resistant to code interception during such attacks.

TAGGED:
Share This Article

More

Sybilla Technologies
Sybilla Technologies

Sybilla Technologies has raised £35m for development

Bydgoszcz-based Sybilla Technologies has raised around PLN 35 million from BGK Group's Vinci…

gold
Business

Oil, inflation and financing. New challenges for entrepreneurs

Particularly important from the perspective of Polish business is the situation around the…

China, Venture Capital
Nvidia

Nvidia is launching the Vera processor on the Chinese market

Nvidia is attempting to rebuild its position in China, but not through the…

Gaming, gaming, monitor, gaming PC and monitor market
Monitory

A new balance of power on desktops: Gaming already accounts for a third of the value of the monitor market

The desktop display market, once seen as mature and lacklustre, is currently undergoing…

Energa Operator
Data Center

Energa-Operator launches MocneStrefy.pl platform for data centre and AI sector

In the case of modern technological investments such as data centres or infrastructure…

cyber security, AI
Cybersecurity

AI more dangerous than password theft. New Verizon report

For years, password theft was the most common cause of data leaks from…

esg, evernex
ESG

ESG targets vs. IT equipment. Evernex introduces an emissions calculator

The IT industry already accounts for around 4 per cent of global carbon…

cio, ai
Mythos

The end of AI investment for image. A lesson from Claude Mythos

Anthropic 's decision to drastically restrict general access to the Claude Mythos Preview…