During this year’s edition of the CYBERSEC 2025 conference, participants had a unique opportunity to take part in CyberBastion – a simulation strategy game that once again proved that education and excitement can go hand in hand.
This time, the scenario was based on the activities of the APT44 group (known as Sandworm), inspired by Operation BadPilot, targeting critical infrastructure – the energy and telecommunications sectors and government institutions. The aim of the cyberattacks was long-term infiltration, data theft, and maintaining access to the victims’ environments.
In the simulation, participants defended a fictional military organization called Stalowe Kłosy S.A. Despite the use of basic security measures – such as blocked USB ports, event logging, physical security, and a perimeter firewall – the attackers (in the simulated scenario) used five techniques from the MITRE ATT&CK framework within the first four minutes.
The players started with a budget of PLN 2 million, which they could increase by responding effectively to threats and investing in security measures. They had protective measures at their disposal divided into eight categories: Organization, Physical Infrastructure, Entire Network, Network Edge, Internal Network, End Devices, Applications, and Data. Each action was evaluated in terms of its effectiveness in preventing and responding to incidents.
The competition lasted two days and took the form of a mini-tournament, culminating in the presentation of a training voucher to the winner. In addition to the competition itself, participants also had the opportunity to engage in an interesting exchange of experiences and discussions about defense practices and cybersecurity strategies.
CyberBastion is not just a game – it is a modern educational platform that can become the foundation of any event or its dynamic complement. It integrates teams, builds awareness of threats, and effectively combines learning with practice.
