Can the Qilin ransomware group really destabilize EPS?

In December last year, the Serbian public energy company Elektroprivreda Srbije (EPS) was targeted by a ransomware group that calls itself Qilin.

Qilin claimed to have seized a significant amount of EPS’ confidential data, including private agreements, contracts, financial documents and extensive private email correspondence. The group threatened to publicly release this data in 10 days if EPS did not reach an agreement with them. The Qilin leak site has listed Elektroprivreda Srbije as a victim and published 24 screenshots of contracts, invoices, financial spreadsheets and folder trees, but still hasn’t published a data dump.

On December 19th, 2023, EPS acknowledged a “crypto-type” hacker attack and reported that they were in the process of recovery. The attack disrupted the EPS bill payment portal and delayed the distribution of November electricity bills.

Energy expert Željko Marković says that, in general, an attack on the information system of a company can definitely be a serious security threat.

“I am not sure that the ransomware group that attacked the EPS information system now possesses data that could threaten the company’s operations. What these hackers might have are customer data files and electricity sales contracts. Damage can also be caused if hackers get hold of financial data from certain contracts because such things are treated as business secrets,” Marković explains.

EPS is not the only company from the energy and business sector that encountered a hacker attack aimed at extorting money.

As a result of this attack, EPS’ teams of IT experts introduced additional protection measures, while the employee computers were down for several days. At one point, the payment of salaries was also disabled for a certain period. Sources close to EPS confirmed that on Friday all employees who needed a computer to perform their work duties were sent home as the company’s IT experts were working on recovering the system after the ransomware attack.

This is a common occurrence, with the Qilin group being one of the most dangerous and capable online criminal organizations. Hence, its activities should not be taken lightly. In recent months, Qilin, also referred to as ‘Agenda,’ has emerged as a significant cyber threat, leaving organizations worldwide vulnerable to malicious attacks. With a history of targeted exploits and a knack for evading detection, Qilin has gained notoriety due to its sophisticated techniques and successful ransomware campaigns. The group had reportedly targeted twelve victims in a year, up until May 2023.

(Danas, 15.01.2024)
