Poland says cyberattack targeted nuclear research centre, but reactor operations were not affected

Poland’s National Centre for Nuclear Research, known as NCBJ, says it blocked a recent cyberattack against its IT infrastructure before any systems were compromised. The institute said the attempted intrusion was stopped by security systems and internal response procedures, and that the integrity of its systems remained intact.

The case drew attention because NCBJ is not just another research body. It is Poland’s main nuclear research institute, and it operates the MARIA reactor, the country’s only operating research reactor. NCBJ Director Prof. Jakub Kupecki said the incident did not affect the reactor, which continues to operate safely at full power.

Polish officials have not formally attributed the attack, but Reuters reported that Poland’s Minister for Digital Affairs, Krzysztof Gawkowski, said early indicators point to Iran. He also cautioned that those signs could be a deliberate false flag meant to hide the attackers’ true origin.

What happened at NCBJ

NCBJ said the attempted cyberattack took place recently and targeted the institute’s IT infrastructure. In its official statement, the institute said its security controls and internal teams acted quickly enough to prevent any successful breach, and it added that the integrity of the systems was not compromised.

That makes this an important cyber incident, but not a successful disruptive attack based on the information released so far. Public statements from NCBJ and Polish officials say the attack was detected and blocked, and there has been no indication that operational nuclear systems were affected.

Why this attack matters

The target alone makes this incident significant. NCBJ plays a central role in Poland’s nuclear research ecosystem and supports work in nuclear energy, reactor technology, subatomic physics, and related fields. Because it also operates the MARIA reactor, any cyber incident linked to the institute will draw immediate scrutiny even if the attack never reaches operational systems.

The broader context also matters. Poland has faced growing cyber pressure since Russia’s full-scale invasion of Ukraine in 2022, and Reuters reported earlier this year that Polish authorities saw strong indications of Russian involvement in a major cyberattack on the country’s power system. That does not prove any link to this latest case, but it helps explain why Warsaw is treating attacks on strategic infrastructure with greater urgency.

Key facts at a glance

Source: NCBJ and Reuters.

What officials are saying

Reuters reported that Minister Krzysztof Gawkowski described the incident as an attempt to break through security that was stopped, and said the centre remains safe. He also said the first identified entry vectors were linked to Iran, while stressing that investigators still needed to verify the evidence because deception remains possible.

That caution is important. Early technical indicators can point investigators in one direction and later turn out to be planted or misleading. At this stage, the safest conclusion is that Poland says it blocked the attack and is still examining who was really behind it.

Why the MARIA reactor point is important

Public concern often rises quickly when any cyber incident involves a nuclear institution. In this case, NCBJ and Polish officials both emphasized that the MARIA reactor was not affected. MARIA is a research reactor used for experiments, neutron research, and isotope production, not for generating electricity, and officials say it continues to operate safely.

That distinction should reduce fears of immediate operational danger. Based on the statements released so far, this was an attack on IT infrastructure, not a confirmed intrusion into reactor control or safety systems.

FAQ