DDoS Attack Targets Poland's UEFA Euro Opening Match

The UEFA Euro 2024 soccer championship tournament kicked off last weekend, but fans of European national teams aren't the only ones paying attention. Cyberattackers took aim at Polish public television, TVP, disrupting its online broadcast of Poland's Group D opening match against the Netherlands.

The broadcaster determined that the attack was a distributed denial-of-service (DDoS) effort that was timed for the start of the match.

"At about 3 p.m., Polish Television recorded a DDoS attack carried out from IP addresses located in Poland," TVP said in a statement on social platform X (via Google Translate). "After less than a minute, we took action in collaboration with national operators, which led to a mitigation of the attack. The IT teams have restored the service."

An Accidental Crash, or Russian Harrying?

Bartłomiej Wypartowicz, editor at Eastern European cybersecurity outlet Defence 24, quickly raised the possibility that the incident might not have been malicious; more than half of the population in Poland reportedly tried to access the stream, and the group responsible for the majority of the traffic appears to be a legitimate community called "fans of the Polish national team on Sunday after lunch."

He posted on X, "Millions of IP addresses want to visit the site" (via Google Translate).

However, Pawel Olszewski, Poland's deputy minister of digital affairs, said in an interview with local media yesterday that the crash was certainly malicious, and likely backed by Russia, which wanted to "prevent Polish citizens from watching the match online."

Cybercriminals have a long history of attacking major world sporting events — from the now-infamous Russia-led Olympic Destroyer attacks against the 2018 Winter Olympics in Pyeongchang, to attempted disruptions to the 2022 UEFA World Cup in Qatar, to threats against the upcoming Summer Games in Paris.

In this case, "all leads lead to the Russian Federation," Olszewski told Radio RMF24 (via Google Translate). "It was a DDoS attack aimed at disabling the service. … This attack was repelled very quickly."