Poland’s Digital Ministry has issued an urgent warning that hostile foreign intelligence services are infiltrating organizations through fraudulent job candidates.
Government Warning: HR Departments Targeted by Hostile States
Official government warnings indicate that hostile states are launching attacks through HR departments and recruitment processes.
Krzysztof Gawkowski, the Government Plenipotentiary for Cybersecurity, issued an urgent recommendation on April 28, 2026, to all entities within the National Cybersecurity System (KSC).
Advanced Persistent Threats Employ New Tactics
The recommendation warns of a new threat: advanced hacking groups attempting to infiltrate Polish organizations by posing as ordinary job applicants. These groups, known as APTs (Advanced Persistent Threat), specialize in long-term cyberattacks and are often linked to foreign intelligence services.
Previously relying on phishing and exploits, APT groups are now increasingly attempting to penetrate organizations by presenting themselves as employees during the recruitment process.
Recruitment as a Hybrid Warfare Battlefield
The government recommendation highlights that a successful infiltration poses a significant threat to both national security and the targeted organization. Departments should be aware that a job interview could be a meeting with a professional spy seeking access to IT systems and sensitive data.
HR Recommendations: Red Flags and Prevention
The recommendation provides detailed guidance for HR departments, emphasizing the recruitment process as the first line of defense. It identifies specific red flags and preventative measures.
The first few weeks of a new employee’s tenure are critical for assessing potential social engineering attacks (APT). Vigilance must not wane even after a candidate passes the initial screening.
New Tools: Fake Video Meetings and Industry Events
Attacks extend beyond recruitment, with APT groups utilizing video meetings to infect systems. Caution is advised during online interactions.
Industry conferences and events are also being exploited as recruitment grounds for APT groups.
Targeted Personnel: IT Professionals at Risk
The government document specifically identifies technical staff, programmers, security analysts, and researchers as particularly vulnerable groups.
Incident Response Protocol
In the event of a suspected infiltration, the recommendation mandates a swift response and immediate action.
Inter-Agency Cooperation
The recommendation was developed in collaboration between the Ministry of Digital Affairs, CSIRT KNF, and CSIRT NASK. Further information is available in the CSIRT KNF report, “Social Engineering by APT Groups in Recruitment and Business Relationships.”
The recommendation carries legal weight under Article 67a of the National Cybersecurity System Act and applies to all KSC entities, with recommendations for private companies, especially those employing IT specialists and handling sensitive data.
