News reports have revealed that several critical infrastructure facilities in Cyprus have been targeted by a series of cyberattacks that began on Friday. The attacks focused on critical installations including the Hermes Airport website, Bank of Cyprus, Cyprus Electricity Authority (EAC), Cyprus Telecommunications Authority (CYTA), and EKO Cyprus Limited. Fortunately, due to robust security measures, all attacks were swiftly contained without any disruption to services.
Confirming the string of attacks, George Michaelides, Commissioner of Communications at the Republic of Cyprus stated on Saturday in a message posted on X, formerly Twitter, that “we are prepared, but of course, no one can say that they are fully prepared, because the one who says this is surely the next victim.”
He emphasized that “what is important is to be ready, if you have been attacked, to recover as quickly as possible, i.e. restore your service quickly and recover your data”.
Referring to the cyber attacks of the last two days, Michaelidis said that ‘citizens were not affected,’ stressing that ‘it is important to be able to recover or repel the attack in time.’
Commenting on hacker group LulzSec Black’s public assertion that it would target Cyprus’ critical infrastructure, the Communications Commissioner said ‘there should be no panic’ but noted ‘we just have to be prepared.’ ‘Their intention to make the announcement is primarily to cause panic. Otherwise, they would not have made the announcements,’ he said.
Michaelides added that the Digital Security Authority was made aware of the threats of this particular group, noting that they notified the official infrastructure of Cyprus, while they were given advice on the additional measures they should take.
The first warnings about a potential cyber operation against Cyprus emerged last week, following statements on Telegram and dark web forums from groups such as LulzSec Black, Moroccan Soldiers, Black Maskers Army, and Anonymous Syria. The groups claimed they would compromise with Cypriot agencies to “punish” the country for its support of Israel.
“This operation was carried out in response to Cyprus’ support for the occupying, usurping entity,” said hackers from the LulzSec Black group, adding in a separate statement that they would stop the attacks if Cyprus changed its position toward Israel and sent food supply planes to the Gaza Strip.
Cyprus cybersecurity firm Odyssey observed last week that a hacking group known as LulzSec Black has publicly declared its intent to target the critical infrastructure of Cyprus. “The attack appears to be politically motivated, citing Cyprus’ relationship with Israel as a factor behind the upcoming cyber offensive.”
At the time, Odyssey wrote “A planned cyberattack targeting the infrastructure of Cyprus is scheduled for 17th October 2024, with potential tactics including distributed denial of service (DDoS), data breaches, and other exploitation techniques. The threat is further heightened by the involvement of the group ‘Moroccan Soldiers,’ who have expressed their support for LulzSec Black in these operations.”
It added that the targeted systems include Cypriot infrastructure, specifically government, financial, and critical services, which may be at risk of service disruptions, data theft, or system compromises.
KNEWS reported on Monday that in the past 24 hours, Cyprus has been hit by a series of major cyber attacks, targeting both government websites and critical internet infrastructure. Six incidents have been recorded since Friday, affecting both public services and private businesses.
Providing details, KNEWS disclosed that the cyber assault commenced on Friday with an attack on the Hermes Airport website, which was swiftly managed without disrupting any airport services. Maria Kouroupi, Hermes’ Director of Aviation Development and Communications, explained, “Our website is purely informational and not linked to other airport systems, so no services were interrupted.”
Later that day, the Bank of Cyprus was targeted. Hackers attempted a Distributed Denial of Service (DDoS) attack, intending to render the bank’s websites inaccessible. However, the bank’s robust security systems successfully thwarted the attempt, allowing its websites to continue functioning normally. That evening, the Cyprus Electricity Authority (EAC) was also targeted. EAC Chairman George Petrou assured the public that the authority continuously monitors its systems, employing stringent security measures to protect its digital infrastructure. Like the earlier incidents, this attack was promptly neutralized.
On Saturday, two more companies faced attacks—Cyprus Telecommunications Authority (CYTA) and EKO Cyprus Limited—both of which effectively repelled the threats without any operational impact. Government websites came under attack on Sunday, aiming to disrupt access to public information portals. The Ministry of Research, Innovation, and Digital Policy reported that the attack was swiftly countered, resulting in only a brief disruption to the main gov.cy portal, with no other state websites or services affected.
Despite these cyberattacks, authorities are urging calm. Cyprus Electronic Communications and Postal Regulation Commissioner, George Michaelides, acknowledged the potential for further attacks, particularly given the current geopolitical tensions in the Middle East. Nonetheless, he emphasized that the country remains vigilant and prepared for any future incidents.
The Ministry of Research, Innovation, and Digital Policy confirmed that all attacks were DDoS (Distributed Denial-of-Service) in nature, intending to overwhelm websites with traffic to render them inaccessible. Crucially, no data breaches or deeper security violations have occurred.
“Organizations in Cyprus should prioritize the protection of their systems and data, as LulzSec Black and supporting groups have explicitly stated their intentions to target critical infrastructures,” Odyssey added in its note. “Immediate actions to enhance cybersecurity posture and defense mechanisms are strongly recommended. Organizations should be able to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on systems as part of their cyber resilience strategy.”
Last week, cybersecurity agencies from the U.S., Canada, and Australia issued a warning about Iranian cyber hackers compromising critical infrastructure through brute force and credential access techniques. Since last October, these cyber hackers have targeted user accounts in sectors such as healthcare, public health, government, information technology, engineering, and energy.