cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

Polish rail network halted by radio attack

Railway travel in Poland has been disrupted following a radio-based attack that brought trains to a standstill.

user icon Daniel Croft
Tue, 29 Aug 2023
Polish rail network halted by radio attack
expand image

The attack was an unsophisticated and simple attack in which the threat actors used radio equipment to send a specific command to operating trains that caused them to engage their emergency stop functionality.

“It is three tonal messages sent consecutively. Once the radio equipment receives it, the locomotive goes to a halt,” according to Lukasz Olejnik, an independent cyber security researcher via Wired.

The attack affected over 20 trains across the country, with the threat actors interspersing the radio commands with clips of a speech by Russian President Vladimir Putin and the Russian national anthem, according to the Polish Press Agency (PAP).


While the attack may have been basic, with Olejnik saying it would require no more than $30 worth of off-the-shelf radio equipment, it shows a rather major vulnerability with the rail network, as the radio system that the rail network uses requires no authentication and lacks encryption.

“Everybody could do this. Even teenagers trolling. The frequencies are known. The tones are known. The equipment is cheap,” he added.

The rail network has previously said it plans to upgrade the systems to use GSM cellular radios, which feature encryption and authentication.

The incident was resolved within a few hours and two men who were Polish citizens were arrested under suspicion of being behind the attack.

Poland’s internal security service, ABW, has launched an investigation into the incident, with concerns it could be connected with the current Russia-Ukraine war.

For the moment, we are ruling nothing out,” said senior Polish security official Stanislaw Zaryn.

We know that for some months there have been attempts to destabilise the Polish state. Such attempts have been undertaken by the Russian Federation in conjunction with Belarus.”

The Polish rail network presents a lucrative target for Russia, as the nation has proven to be a vital transit hub for Western nations supplying weapons to Ukraine.

Prior to the radio incident, a number of cyber attacks by a Russian-backed threat actor on Polish railways, other infrastructure, and organisations have been reported in recent months.

Threat actor NoName057(16) (NoName) is a pro-Russian hacking group that specialises in distributed denial of service attacks (DDoS). The group first appeared in March last year, just after Russia invaded Ukraine, and has claimed responsibility for attacks on government, media, and other websites of Ukraine, the US, and European nations.

The group has reportedly hit a number of European targets including ones in Poland. In the last few days, Bank Polska SA, alongside the Austrian Raiffeisen Bank, and more were targeted by the threat group.

The group has also targeted the Polish rail network in the past, after it hit the website SKM commuter rail system in Poland in June, and the PKP Group, which is responsible for running the Polish state railways in regard to intercity and tri-city passenger transport, freight, rail telecommunication, and IT services.

Despite the similarities, Zaryn says that there is currently no evidence that these prior attacks and the recent radio attack are connected.

Attacks on Polish infrastructure like this reignite the ongoing debate as to whether cyber and non-kinetic attacks could lead to Western escalation.

According to NATO’s Article 5, “if a NATO ally is the victim of an armed attack, each and every other member of the alliance will consider this act of violence as an armed attack against all members and will take the actions it deems necessary to assist the ally attacked”.

With Poland a part of NATO and the Russia-Ukraine war proving to be an unprecedented conflict in regards to the role of cyber warfare, if the attack or any other cyber attack against Poland was proven to be conducted by Russia itself, or a threat actor instructed to conduct the attack by Russia, it could be argued that other NATO members such as the UK and the US would be required to join the conflict.

Daniel Croft

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.

cd intro podcast

Introducing Cyber Daily, the new name for Cyber Security Connect

Click here to learn all about it
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.