The polish NASK (Research and Academic Computer Network) which incorporates CERT Polska and the polish ccTLD Registry took over 3 domains used by one of the Citadel botnets known as plitfi.
As CERT Polska report reveals this botnet was used to steal information sent to websites and was mainly targeting Polish users. 11 730 different machines were infected and most of the connections made to the C&C server originated from Europe and Japan, with 77% of them made from Poland.
Access CERT Polska report here – http://www.cert.pl/PDF/Report_Citadel_plitfi_EN.pdf