Cyber attack on the HSE group

What was going on behind the attack on the HSE group? Photo: Unsplash

On the night of Friday to Saturday, one of the largest and most resounding cyber attacks in the history of Slovenia took place. This time, miscreants targeted the critical Slovenian energy infrastructure, and the target was the HSE group (Holding of Slovenian Power Plants).

The attack was detected as early as Wednesday, but it escalated from Friday to Saturday. The supply of electricity is not threatened, but access to some systems is still disabled until this moment. TomaÅ¾ Tokelj, general director of the HSE group, is optimistic that there will be no major consequences.

"The operating system is functional to a greater extent, our power plants are managed remotely, we are also establishing a connection with Eles."

In a press release, the HSE Group revealed that it was a classic cyber attack with a ransomware virus, with which the attackers encrypted some potentially sensitive files or data. "The analysis showed that it was a hack into the system. Expert teams from the field of information technology and cyber security immediately started to resolve the incident. The HSE immediately informed the government of the Republic of Slovenia, the administration of SDH, Eles, the police and other relevant state authorities and all professional teams responsible for the smooth implementation of business and operation of production facilities in the group.

They have not yet received the message about the payment of the ransom, nor do they know where the attack originated or who is behind it. They ruled out that the attack happened inside the company. In accordance with the national protocol in the event of such attacks, the Office for Information Security also became involved in cyber defense. General director dr. UroÅ¡ Svete also calms passions: Â"At the moment, the situation is under control.Â"

"According to the first data, the system itself was compromised, there was a successful attempt to penetrate and an attempt to lock files. "According to our information, no one has yet demanded a ransom, but the fact is that there is still no access," Svete confirmed.

In a joint action, they launched a further investigation. First of all, they are interested in when and how the original intrusion occurred. It was detected on Wednesday with the help of network security equipment, but Svete warns that such attacks can last longer than an hour. Â»[â€¦] such communications are not triggered immediately, even from the perspective of attackers. And that it also depends a lot on when the victim himself perceives and in what way he perceives such attacks.Â»

That the target was the energy sector is not surprising. Energy is "one of the most key sectors, because its criticality is the highest, the greatest" sectors depend on it, explains the motive of the attackers, dr. UroÅ¡ Svete. Finance, healthcare, and energy are the areas that have so far paid off the most for non-profits.

In the past, we have already talked about such attacks with many experts, who warn that ransomware attacks are becoming more and more relevant. 100 % bulletproof protection does not exist, but companies have more available. preventive measures and established protocols.