Nicosia, Cyprus. Cyprus’s innovation and research ministry on Friday denied reports that the country was targeted in a large-scale cyberattack affecting more than 37 countries, saying no government systems were breached.
Ministry response to media reports
“With regard to the media reports, there has been no breach of any government systems. (…) The competent state authorities remain in constant vigilance,” the ministry said.
“The security of the state’s digital infrastructures remains a top priority and is addressed through continuous, close monitoring and close international cooperation,” it added.
Bloomberg report and Palo Alto Networks findings
US news outlet Bloomberg reported that an Asian hacker group, suspected of having broken into governmental and other highly sensitive computer systems, carried out cyberattacks in over 37 countries, likely including Cyprus.
Bloomberg cited a report by US-cybersecurity firm Palo Alto Networks saying the group gained access to at least five national law enforcement and border control agencies, three ministries of finance, one country’s parliament, and the networks of an estimated 70 organisations.
Methods and suspected objectives
“They use highly-targeted and tailored fake emails and known, unpatched security flaws to gain access to these networks,” Bloomberg quoted Pete Renals, head of Palo Alto Network’s Unit 42 threat intelligence team, as saying.
Palo Alto said the hackers accessed emails and other sources of critical information on military actions, trade negotiations, political unrest and diplomatic missions.
The hackers retrieved sensitive data from several email servers, with espionage believed to be the main motivation behind the attacks.
Bloomberg reported that some actions “coincided with issues and events of particular import to the government of China.”
Countries cited as potential targets
In its report, Palo Alto Networks identified several victims and said the hackers are suspected of having carried out similar attacks in countries including Cyprus, Germany, Greece, Italy, Malaysia and Panama.
What measures do you expect governments to take to verify and communicate cyberattack claims?
