Cyberattack on Biggest Slovenian Power Supplier, Investigation Underway

A significant cyberattack struck the IT network of HSE, Slovenia’s largest electricity provider in Central Europe. While the source of the HSE cyberattack remains unknown, the current situation appears to be managed and under control.

As per the company’s statement, the incident stemmed from a “crypto-virus,” which barred employees from accessing its networks and encrypted files.

HSE clarified that they had not received any ransom demands and reassured that the cyberattack on their systems hadn’t impacted operations across any of their power plants.

HSE Cyberattack

The company acknowledged that the cyberattack targeting HSE’s IT systems posed a significant danger and persisted for several days before any abnormal behavior was detected. They have called in cybersecurity experts to assess the amount of data exposed due to this hack which is right now not known.

In a press release, HSE stated, “The HSE group has detected potentially dangerous activities in the information system of the HSE group in the past few days. The analysis showed that the system was hacked. Expert teams from the field of IT and cyber security immediately started to resolve the incident.

The body has also followed the necessary protocols of informing the administrative agencies of the HSE cyberattack soon after discovery. They are currently coordinating with the investigation teams to ascertain the damage caused post the cyberattack on HSE.

“The HSE immediately informed the Government of the Republic of Slovenia, the administration of SDH, ELES, the police and other relevant state authorities, and all HSE professional teams responsible for the smooth implementation of business and operation of production facilities in the group. Currently, HSE cooperates with URSIV in all processes. Information and coordination of measures take place throughout the resolution of a security incident.”

So far, there hasn’t been any disruption in the operations of the plants, and the country’s electricity supply continues to run normally and smoothly.

“The HSE power plants are operating smoothly, and Slovenia’s electricity supply continues to be reliable. In HSE, in cooperation with experts from all stakeholders, they are trying to establish the smooth functioning of the HSE group as soon as possible.”

As per the news portal 24ur, the attack was deemed “substantial” and the attackers managed to breach the security and control system, in addition to the fire alarms.

According to reports, the attack was discovered on Wednesday night and appeared to have been stopped, but by Friday night, the virus had spread, making the situation worse.

Naturally, the government was involved by then. The government’s information security office head, Uroš Svete, described the HSE cyberattack as a textbook hack, but it didn’t seem to have done much harm. Svete added that he was happy with the way the matter was handled.

I believe that the process itself, both the detection of the incident and the reporting and engagement of all actors, at expert, technical, company and the level of state authorities, has been appropriate and in line with the national cyber incident response plan. So, in reality, at the moment, the situation in this case is under control,” Svete said on Sunday, reported Cybernews.

The threat persists. While the exact cause of the HSE cyberattack remains unknown, the exposure of data indicates a potential future target for blackmail against the organization. It’s a common tactic for cybercriminals to postpone ransom demands.

HSE runs the Šoštanj thermal plant, which produces around one-third of the electricity used in the country, along with a network of hydroelectric units on the rivers Drava, Sava, and Soča. Roughly 60% of the electricity produced in the country is supplied by this group.