Rankiteo Logo
Rankiteo
Leader in Cyber Underwriting
Loading...
NEWRankiteo Cyber Underwriting Desktop - Score, price, and bind from your desktop
WindowsmacOSLinux
Download
Grupa Wirtualna Polska

Grupa Wirtualna Polska Vendor Cyber Rating & Cyber Score

wp.pl

#zmieniamyinternet


GWP A.I CyberSecurity Scoring

GWP
Company Information
Website:https://holding.wp.pl/
Employees number:1,135
Number of followers:17,767
NAICS:513
Industry Type:Technology, Information and Internet
Homepage:wp.pl
GWP Risk Score (AI oriented)
Between 700 and 749
logo
GWPTechnology, Information and Internet
Updated:
17/06/2026
737/1000
Moderate
Ba
AaaAaABaaBaBCaaCaC
Powered by our proprietary A.I cyber incident model
Insurance prefers TPRM score to calculate premium
GWP Global Score (TPRM)
xxxx
logo
GWPTechnology, Information and Internet
•••
Score locked
Instant access to detailed risk factors
Vulnerabilities
Benchmark vs. industry & size peers
Findings

GWP
GWPModerate
Current Score
737Ba (MODERATE)
01000
1 incidents
-31 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
737Before Incident
JUNE 2026
737Before Incident
MAY 2026
737Before Incident
APRIL 2026
736Before Incident
MARCH 2026
766Before Incident
Cyber Attack
01 Mar 2026GWP
Wirtualna Polska and Google: Ghostwriter Hackers Abuse Gmail Admin-Themed Emails to Steal Credentials and 2FA Codes

Ghostwriter Hackers Target Gmail Users in Sophisticated Phishing Campaign

735After Incident
CRITICAL-31
WIRGOO1781655885
Ghostwriter Hackers Target Gmail Users in Sophisticated Phishing Campaign A state-linked hacker group, Ghostwriter (UNC1151), has intensified its phishing attacks against Gmail users, masquerading as official Google security alerts to steal login credentials and two-factor authentication (2FA) codes. The campaign, active since March 2026, primarily targets Polish individuals in high-profile roles, including politicians, journalists, researchers, public servants, and their associates. Previously focused on Polish email providers like Onet, Wirtualna Polska, and Interia, Ghostwriter has shifted exclusively to Gmail, deploying new phishing domains almost daily primarily on weekdays. The group’s tactics suggest intelligence-gathering motives, with successful breaches leading to further exploitation, such as hijacking linked social media accounts and exfiltrating sensitive documents. ### How the Attack Works The phishing emails, written in fluent Polish, impersonate Gmail administrator notices, warning of suspicious logins, policy violations, or imminent account suspension. Victims are directed to fake login pages that mimic Gmail’s interface, capturing passwords and critically 2FA codes via SMS or authenticator apps. Attackers often repeatedly target the same accounts, sending multiple messages within days to increase pressure. ### Infrastructure & Tactics Ghostwriter employs dynamically rotated domains (e.g., .icu, .digital, .top) and compromised Polish websites to host phishing pages, often without altering the main site to avoid detection. Some attacks use Netlify-hosted subdomains (e.g., monitoring-google-konta.netlify.app) or dedicated phishing domains (e.g., mailverify.digital). Sender addresses, such as [email protected], are crafted to appear legitimate. ### Broader Impact While the campaign initially targeted Polish users, Ghostwriter’s broad guessing of email addresses means unrelated inboxes may also receive phishing attempts. CERT Polska (CERT.PL), which documented the attacks, warns that sender display names and urgent security warnings should be treated with skepticism, recommending direct verification via official service URLs. The group’s Belarusian links and focus on high-value targets underscore the campaign’s role in espionage rather than financial fraud, with each compromised account serving as a gateway for further infiltration.
INCIDENT DETAILS -
TYPE
Phishing
MOTIVATION
Espionage, Intelligence Gathering
IMPACT
Data Compromised: Login credentials, Two-factor authentication (2FA) codes, Sensitive documents, Social media account accessSystems Affected: Gmail accounts, Linked social media accountsOperational Impact: Account hijacking, Unauthorized access to sensitive informationBrand Reputation Impact: Potential reputational damage to targeted individuals and organizationsIdentity Theft Risk: High
DATA BREACH
Type Of Data Compromised: Login credentials, 2FA codes, Sensitive documents, Social media account accessSensitivity Of Data: HighData Exfiltration: YesPersonally Identifiable Information: Yes
FEBRUARY 2026
766Before Incident
JANUARY 2026
766Before Incident
DECEMBER 2025
766Before Incident
NOVEMBER 2025
766Before Incident
OCTOBER 2025
766Before Incident
SEPTEMBER 2025
766Before Incident
AUGUST 2025
766Before Incident

Frequently Asked Questions

?
What is the current A.I Rankiteo Cyber Score for GWP ?
?
What was GWP's A.I Rankiteo Cyber Score in June 2026 ?
?
What was GWP's A.I Rankiteo Cyber Score in May 2026 ?
?
What was GWP's A.I Rankiteo Cyber Score in April 2026 ?
?
What was GWP's A.I Rankiteo Cyber Score in March 2026 ?
?
What was GWP's A.I Rankiteo Cyber Score in February 2026 ?
?
What was GWP's A.I Rankiteo Cyber Score in January 2026 ?
?
What was GWP's A.I Rankiteo Cyber Score in December 2025 ?
?
What was GWP's A.I Rankiteo Cyber Score in November 2025 ?
?
What was GWP's A.I Rankiteo Cyber Score in October 2025 ?
?
What was GWP's A.I Rankiteo Cyber Score in September 2025 ?
?
What was GWP's A.I Rankiteo Cyber Score in August 2025 ?
?
What is the average per-incident point impact on GWP's A.I Rankiteo Cyber Score over the past 12 months ?
?
Where can I access detailed records of all cyber incidents associated with GWP ?
?
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ?
?
Where can I view GWP's profile page on Rankiteo ?
?
How accurate is the A.I Rankiteo Risk Scoring methodology ?