Cyber attack on the HSE group
On the night from Friday to Saturday, one of the largest and most high-profile cyber attacks in the history of Slovenia took place. This time, miscreants targeted critical Slovenian energy infrastructure: the HSE group (Holding of Slovenian Power Plants).
The attack was already detected on Wednesday, but it escalated on the night from Friday to Saturday. The power supply is not threatened, but access to some systems is still disabled at this time. Tomaž Štokelj, CEO of the HSE Group, is optimistic that there will be no major consequences.
"The operating system is functional to a greater extent, our power plants are managed remotely, we are also establishing a connection with Eles."
The HSE group revealed in a press release that it was a classic cyber attack with a ransomware virus, with which the attackers encrypted some sensitive files or data. "The analysis showed that it was a hack into the system. Expert teams from the field of information technology and cyber security immediately started to resolve the incident. HSE immediately informed the government of the Republic of Slovenia, the administration of SDH, Eles, the police and other relevant state authorities and all professional teams responsible for the smooth implementation of business and operation of production facilities in the group."
They have not yet received a ransom demand, nor do they know where the attack originated or who is behind it. They ruled out that the attack originated inside the company. In accordance with the national protocol for such attacks, the Office for Information Security also became involved in the cyber defense. Its director general, Dr. Uroš Svete, also sought to calm concerns: "At this moment, the situation is under control."
"According to initial information, the system itself was compromised, with a successful penetration attempt and an attempt to lock files. According to our information, no one has demanded a ransom yet, but the fact is that there is still no access either," Svete confirmed.
In a joint action, they launched a further investigation. Their first priority is to establish when and how the initial intrusion occurred. It was detected on Wednesday with the help of network security equipment, but Svete warns that these types of attacks can last for a long time. "[…] such communications are not initiated immediately, even from the point of view of the attackers. And that it also depends a lot on when the victim himself perceives and in what way he perceives such attacks."
That the energy sector was the target is not surprising. Energy is "one of the most crucial sectors, because its criticality is the highest, most sectors depend on it," says Dr. Uroš Svete, explaining the attackers' motive. Finance, healthcare, and energy are the areas that have so far paid off the most for attackers.
We have spoken about such attacks in the past with numerous experts, who warn that ransomware attacks are increasingly common. There is no such thing as 100% impenetrable protection, but companies have a number of preventive measures and established protocols at their disposal.