According to Poland's Supreme Audit Office, over 500 devices used by its employees were targeted a total of 7,300 times in what appears to be a series of politically motivated cyberattacks. The state auditor believes Pegasus spyware was used in at least three high-profile cases.
Ten artykuł czytasz w ramach bezpłatnego limitu

Follow the big issues that shape Polish politics and society by signing up to our weekly newsletter "News from Poland: Democracy at Stake". It allows you to stay up to speed on developments concerning the ongoing assault on democratic institutions, rule of law, and human rights in Poland.

- The scale of the attack is something unseen in the 103-year history of our institution- representatives of Poland’s Supreme Audit Office (NIK) said at a Monday press conference, officially confirming last week’s media reports. NIK claims that 544 phones and mobile devices used by its employees were attacked a total of 7,300 times between 2020-21.

On Friday, information about the mass surveillance inside Poland’s Supreme Audit Office was revealed by RMF FM. The radio station spoke of more than 6,000 cyberattacks using Pegasus spyware.

According to TVN 24, there have been 7,300 thousand attacks from 47 different IP addresses, some of which - according to Citizen Lab and Amnesty International - may be linked to the Israeli-made surveillance software. The attacks were detected and identified by NIK’s special cybersecurity team.

The largest spike in attacks against NIK employees coincided with the announcement of an audit of the abandoned 2020 presidential mail-in election, NIK authorities and third-party experts discovered.

A similar peak is supposed to also have taken place in the fall of 2021 when NIK was completing its audit report on the Justice Ministry’s special fund found to be misappropriating public money.

According to experts cooperating with NIK, three phones could have been infected with Pegasus spyware.

One of the compromised devices belongs to Jakub Banaś, social advisor and son of the head of the Supreme Audit Office Marian Banaś. At the same time, NIK did not provide any proof to support the claim that Pegasus spyware was used in the attacks.

NIK: it was a politically motivated attack

The data presented at the press conference is the result of the work of NIK’s cybersecurity team. According to Janusz Pawelczyk, advisor to the head auditor and former police officer, the sheer scale of the attacks and their scope prove that they were illegal.

Journalists at the conference were shown a chart from 2020-21, which indicated that the highest intensity of surveillance happened during the period when NIK was conducting an audit on the 2020 presidential mail-in election (which ultimately did not take place but had cost the state budget more than PLN 100 million) and a second audit on the Justice Fund administered by Zbigniew Ziobro's Ministry of Justice.

The chart - according to NIK’s staff - was supposed to prove the political purpose of the attack. Marian Banaś himself - for years an important politician of the ruling camp, appointed to head the NIK - is currently at odds with the Law and Justice party.

The audit of the Justice Fund was crushing. Ostensibly, the fund was supposed to help crime victims but according to NIK’s findings, Ziobro's Ministry regularly misappropriated the money. - The total value of the financial effects of the audit, i.e. the money that was mismanaged, spent illegally, unintentionally, or unreliably, amounted to over PLN 280 million - said the auditors at a press conference in September 2021.

What is more, money from the Justice Fund was also used to purchase Pegasus spyware on behalf of the Polish Central Anticorruption Bureau in 2017 (according to NIK, unlawfully). The system cost PLN 25 million, and the intermediary was a firm called Matic founded by former employees of the communist secret services.

Did the attackers use Pegasus?

Mr. Pawelczyk said that an attack using Pegasus spyware had been registered in the case of three phones belonging to people close to the head of the Supreme Audit Office Marian Banaś, including his son Jakub. The devices will be examined by the University of Toronto-based internet watchdog Citizen Lab which specializes in detecting the Israeli spyware.

The anonymous "third-party expert" speaking at the press conference on Monday stated that "the attack using Pegasus is a working hypothesis". He explained that the use of spyware was evidenced by static data and logins to domains and servers associated with Pegasus. He stressed that this required further explanation.

The expert said that the purchase of certain licenses does not mean the purchase of ammunition that can be fired against a single target. Rather, he compared Pegasus to a baseball bat that can be used repeatedly.

The spokesman for Poland’s security services, Stanisław Żaryn, dismissed the claims as "insinuations inspired by NIK’s chairman Marian Banaś", adding that Mr. Banaś is "subject to multiple prosecutorial investigations" for, among other things, irregularities concerning his assets.


Every day, 400 journalists at Gazeta Wyborcza write verified, fact-checked stories about Polish politics and society, keeping a critical eye on the ruling camp’s persistent assault on democratic values and the rule of law; the growing cultural tension between religious fundamentalism and human rights; and the ongoing COVID-19 epidemic. Our journalists are on the front lines in 25 Polish cities, reporting from the streets, hospitals, and courtrooms about issues that move public opinion.

We decided to make our service available to everyone free of charge in order to provide access to high quality journalism for expats and English speakers interested in Polish affairs. 

The access to information should be equal for all.

Gazeta Wyborcza Foundation
icon/Bell Czytaj ten tekst i setki innych dzięki prenumeracie
Wybierz prenumeratę, by czytać to, co Cię ciekawi to zawsze sprawdzone informacje, szczere wywiady, zaskakujące reportaże i porady ekspertów w sprawach, którymi żyjemy na co dzień. Do tego magazyny o książkach, historii i teksty z mediów europejskich.
    Zaloguj się
    Chcesz dołączyć do dyskusji? Zostań naszym prenumeratorem