{
	"id": "d57b748a-e881-41cc-a788-0aac27049ccf",
	"created_at": "2026-04-06T00:22:38.168278Z",
	"updated_at": "2026-04-10T03:23:51.684175Z",
	"deleted_at": null,
	"sha1_hash": "c1bb40703055dcb83ddf4b16957bf14b13fa7c65",
	"title": "Current and former Polish officials face probe of alleged spyware abuse",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 259678,
	"plain_text": "Current and former Polish officials face probe of alleged spyware\r\nabuse\r\nBy Suzanne Smalley\r\nPublished: 2024-04-12 · Archived: 2026-04-05 13:30:55 UTC\r\nPolish prosecutors are now actively building a case against current and former government officials believed to\r\nhave deployed powerful commercial spyware against opposition party members and their allies in a rapidly\r\nunfolding spyware investigation. \r\nIn recent days, prosecutors have asked 31 victims whom they believe were likely targeted by Pegasus spyware to\r\nshare their stories. Senior government officials have said the investigation could lead to arrests.\r\nA probe into abuse of powers and dereliction of duties began on March 18 and is homing in on how officials used\r\nPegasus from 2017 to 2022, according to Polish news reports citing a spokesperson for the prosecutor’s office.\r\nThe prior Polish ruling party, known as Law and Justice (PiS), is said to have targeted opposition leaders and\r\nothers with the spyware, including amid the country’s election season. The spyware scandal has rocked the\r\ncountry since it first came to light in December 2021.\r\nIn September, Poland's Senate released the results of a special commission’s probe into the spyware’s usage,\r\npaying particular attention to the hack of an opposition politician in 2019, describing \"gross violations of\r\nconstitutional standards.”\r\nThe commission revealed at the time that it had alerted prosecutors to the potential for criminal charges against\r\nformer and current Polish ministers for using or abetting the use of spyware.\r\nCurrent Polish President Andrzej Duda is a former PiS member who is thought to remain loyal to the party, but the\r\ncountry has elected the leader of a different and more centrist party, Donald Tusk, as its new prime minister. 
Duda\r\nhas served as president since 2015.\r\nTusk, who became prime minister in December, said in February that he can prove state authorities used the\r\npowerful spyware to monitor a “very long” list of individuals.\r\nThe prime minister also revealed at the time that he had found documents which “confirm 100%” the prior\r\nadministration illegally used Pegasus, according to local news reporting at the time.\r\nSpyware has long been a scourge in Europe with prior scandals enveloping Spain, Greece, Hungary and Serbia.\r\nMercenary spyware is also used on a global scale. On Wednesday, Apple sent alerts to users in 92 countries,\r\nwarning they may have been targeted by foreign commercial surveillance tools like Pegasus, primarily through\r\nattempts to compromise iPhones from afar.\r\nhttps://therecord.media/poland-pegasus-spyware-government-investigation\r\nPage 1 of 3\n\nJohn Scott-Railton, a security researcher at the Canada-based Citizen Lab who helped surface the Polish spyware\r\nproblem, said he is watching the proceedings carefully.\r\n“Poland has gone from being a troubling centerpiece in EU spyware scandals to showing clear signs of a\r\nconcerted effort towards accountability,” Scott-Railton said via text message, citing the country’s recent decision\r\nto join a White House-led coalition of 17 countries working to fight the spread and use of spyware. 
“The recent\r\ndevelopments would have been deeply unthinkable until the election.”\r\nHe added that Poland’s quest for accountability has “already gone further than most investigations in the EU.”\r\nScott-Railton said the fact that opposition party leader Krzysztof Brejza was hit with Pegasus during\r\nparliamentary elections in which he played a key role in setting strategy is an “ominous sign of potential election\r\ninterference.”\r\nThe Polish scandal and the aftermath of its investigation will send an important signal across the continent, he\r\nsaid.\r\n“As authoritarianism grows and dangers to EU democracy fueled by Russia increase, ensuring that European\r\ndemocracies are free from the danger of spyware abuse could not be more critical,” he said.\r\nA second expert, white-hat hacker Runa Sandvik, said the 31 victims called to appear as witnesses may represent\r\njust a small fraction of the total scale of spyware abuse in Poland. \r\n“It’s important to remember that this number — 31 — is the number the National Prosecutor’s Office has decided\r\nto release,” said Sandvik, who founded Granitt, a startup focused on helping journalists, human rights activists and\r\nother vulnerable populations targeted by spyware.\r\nSandvik said she believes the Polish government also likely used spyware to investigate crime, corruption and\r\nterrorism meaning the total number of people hit with Pegasus could be much higher.\r\n“The number on its own does not tell us how many people were targeted, or for what purpose,” Sandvik said via\r\nemail. “I hope the investigation will help shed some light on this.”\n\nSuzanne Smalley\r\nis a reporter covering digital privacy, surveillance technologies and cybersecurity policy for The Record. She was\r\npreviously a cybersecurity reporter at CyberScoop. 
Earlier in her career Suzanne covered the Boston Police\r\nDepartment for the Boston Globe and two presidential campaign cycles for Newsweek. She lives in Washington\r\nwith her husband and three children.\r\nSource: https://therecord.media/poland-pegasus-spyware-government-investigation",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://therecord.media/poland-pegasus-spyware-government-investigation"
	],
	"report_names": [
		"poland-pegasus-spyware-government-investigation"
	],
	"threat_actors": [
		{
			"id": "d90307b6-14a9-4d0b-9156-89e453d6eb13",
			"created_at": "2022-10-25T16:07:23.773944Z",
			"updated_at": "2026-04-10T02:00:04.746188Z",
			"deleted_at": null,
			"main_name": "Lead",
			"aliases": [
				"Casper",
				"TG-3279"
			],
			"source_name": "ETDA:Lead",
			"tools": [
				"Agentemis",
				"BleDoor",
				"Cobalt Strike",
				"CobaltStrike",
				"RbDoor",
				"RibDoor",
				"Winnti",
				"cobeacon"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434958,
	"ts_updated_at": 1775791431,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/c1bb40703055dcb83ddf4b16957bf14b13fa7c65.pdf",
		"text": "https://archive.orkl.eu/c1bb40703055dcb83ddf4b16957bf14b13fa7c65.txt",
		"img": "https://archive.orkl.eu/c1bb40703055dcb83ddf4b16957bf14b13fa7c65.jpg"
	}
}