top of page

[Video] - Attacks Against Critical Infrastructure in the Adriatics

Critical infrastructure companies in the Adriatics region are increasingly targeted by ransomware attacks.

The last few months have seen successful attacks against both a Slovenian (Holding Slovenske Elektrarne - HSE) and Serbian (Elektroprivreda Srbije - EPS) electricity generation companies.


A few notes:

  • Different ransomware gangs involved (Rhysida in case of HSE, Qilin in EPS), indicating different tactics were used to penetrate the systems.

  • The EPS case appears to have had a larger material impact: delays in invoicing and customers unable to settle bills suggests core systems have been affected.

  • Also, the Qilin group is now publishing EPS exfiltrated data online, including personal customer details (see here), which means probably no ransom has been paid.

  • Qilin is a ransomware-as-a-service operator, targeting critical infrastructure companies among others. They utilize the increasingly popular double extortion technique, in which actors exfiltrate data prior to encryption and then threaten to leak the stolen data as leverage during negotiations.

  • Ransomware operators are expected to rely on this technique even more in the future, as cybersecurity regulations force companies to disclose cybersecurity incidents or personal data leaks (see more on weaponizing regulations here).


Marko Djordjevic has recently discussed recent critical infrastructure attacks in the region during a Techinsights event with Radiflow - watch below:



Latest news

bottom of page