Cyber attack on the HSE group

On the night from Friday to Saturday, one of the largest and most resounding cyber attacks in the history of Slovenia took place. This time, miscreants targeted the critical Slovenian energy infrastructure, and the target was the HSE group (Holding of Slovenian Power Plants).

The attack was detected already on Wednesday, but it escalated from Friday to Saturday. The power supply is not threatened, but access to some systems is still disabled at this time. Tomaž Štokelj, CEO of the HSE Group, is optimistic that there will be no major consequences.

"The operating system is functional to a greater extent, our power plants are managed remotely, we are also establishing a connection with Eles."

The HSE group revealed in a press release that it was a classic cyber attack with a ransomware virus, with which the attackers encrypted some sensitive files or data. "The analysis showed that it was a hack into the system. Expert teams from the field of information technology and cyber security immediately started to resolve the incident. HSE immediately informed the government of the Republic of Slovenia, the administration of SDH, Eles, the police and other relevant state authorities and all professional teams responsible for the smooth implementation of business and operation of production facilities in the group."

They have not yet received the ransom payment message, nor do they know where the attack originated from or who is behind it. They ruled out that the attack happened inside the company. In accordance with the national protocol in the event of such attacks, the Office for Information Security also became involved in cyber defense. General director dr. Uroš Svete also calms passions: "At this moment, the situation is under control."

"According to the first data, the system itself was compromised, a successful attempt to penetrate and an attempt to lock files were made. According to our information, no one has yet demanded a ransom, but the fact is that there is no access yet," confirmed Svete.

In a joint action, they launched a further investigation. In the first place, they are interested in when and how the original intrusion occurred. It was detected on Wednesday with the help of network security equipment, but Svete warns that these types of attacks can last for a long time. “[…] such communications are not initiated immediately, even from the point of view of the attackers. And that it also depends a lot on when the victim himself perceives and in what way he perceives such attacks."

That the energy sector was the target is not surprising. Energy is "one of the most crucial sectors, because its criticality is the highest, most sectors depend on it," explains the motive of the attackers, Dr. Uros Sveta. Finance, healthcare, and energy are the areas that have so far paid off the most for non-profits.

In the past, we have talked to many experts about this type of attack, who warn that ransomware attacks are becoming more and more relevant. 100 % bulletproof protection does not exist, but there are several preventive measures and established protocols available to companies.