Cyberattack hits Slovenia’s largest power utility


The IT network of HSE, Slovenia’s largest power utility, was hit with a cyberattack last week. The situation now appears to be under control, but the source of the incident has not yet been found.

The company said the incident was the result of a "crypto-virus" that encrypted files and locked staff out of its systems. HSE also said it had not received any ransom requests and that the incident has not impacted activity at any of its power plants.

The news portal 24ur reported that the attack was "substantial" and that the attackers had penetrated the security and control system as well as fire alarms. The attack was allegedly detected on Wednesday night and seemed to have been contained, but by Friday night, the situation actually worsened as the infection began to spread.

By then, the government was, of course, involved. Uroš Svete, the director of the Government’s Information Security Office, said that it was the case of a classic cyberattack, but it appeared to have caused no major damage. Moreover, Svete said that he was satisfied with how the incident was contained.

"I believe that the process itself, both the detection of the incident and the reporting and engagement of all actors, at expert, technical, company and the level of state authorities, has been appropriate and in line with the national cyber incident response plan. So, in reality, at the moment, the situation in this case is under control," Svete said on Sunday.

HSE general manager Tomaž Štokelj also said he was optimistic there would be no major consequences for the system security and the company’s business performance.

“The HSE power plants are operating smoothly, and Slovenia's electricity supply continues to be reliable,” the company said in a statement on its website.

However, danger still looms. It’s not yet possible to say what the source of the incident was, but the very fact that data was accessed indicates it could ultimately lead to blackmail of the company. Not rushing to demand a ransom payment is actually standard practice for cyber attackers.

HSE operates the Šoštanj thermal plant, which accounts for around a third of domestic electricity production, as well as chains of hydro plants on the Drava, the Sava, and the Soča rivers. The group accounts for roughly 60% of domestic electricity production.