Poland thwarts cyberattack on National Centre for Nuclear Research, Iranian link suspected

Poland has thwarted a cyberattack attempt targeting the National Centre for Nuclear Research (NCBJ). The incident was announced on March 12, 2026, by Deputy Prime Minister and Minister of Digital Affairs Krzysztof Gawkowski. The attack was carried out over the last few days, but thanks to swift intervention by Polish services, the attempt to breach security ended in failure. The Ministry of Digital Affairs assured that the centre is fully secure and critical infrastructure suffered no damage. Relevant state services responsible for the country's cybersecurity were involved in the matter from the beginning.

Initial findings by investigators point to clues linking the perpetrators of the attack to Iran. However, Polish authorities are exercising great restraint in officially attributing responsibility, investigating whether this might be a false flag operation. The services are checking whether the traces leading to Tehran were not deliberately planted by another entity for the purpose of disinformation and provoking diplomatic tensions. A detailed technical analysis of the malware used during the incident is currently underway, which should allow for precise identification of the threat's source.

The National Centre for Nuclear Research was established on September 1, 2011, from the merger of the Institute of Atomic Energy and the Institute of Nuclear Problems. As the largest facility of its kind in the country, NCBJ manages, among other things, Poland's only operational research reactor, Maria. Since Russia's invasion of Ukraine in 2022, Polish strategic infrastructure has regularly become a target of cyber operations, which has forced a significant strengthening of digital protection systems for state institutions.

The situation fits into a broader trend of increased hacker activity targeting Polish public and scientific institutions. The Ministry of Digital Affairs emphasizes that thwarting the attack on NCBJ is proof of the effectiveness of the implemented security procedures. The services are monitoring the network in a state of heightened alert, expecting further attempts to destabilize the work of key research centres. At this moment, no detailed information about the methods used by the hackers has been provided, due to ongoing operational activities and the interests of the ongoing proceedings.

Cyberattack on NCBJ (March 2026): March 9–11 — Attack attempt; March 12, morning — Threat blocked; March 12, afternoon — Official statement