The Land Registry agency in Greece has announced that it suffered a limited-scope data breach following a wave of 400 cyberattacks targeting its IT infrastructure over the last week.
The agency said hackers managed to compromise employee terminals and steal 1.2 GB of data, corresponding to roughly 0.0006% of the total data held by the government organization.
The stolen data reportedly does not contain any citizens’ personal information but primarily consists of typical administrative documents, the exposure of which is not expected to impact the registry’s operations.
The announcement also mentions that the hackers attempted to create a malicious user to infiltrate the agency’s central database, but they failed.
One of the database’s backups, which are updated daily, was accessed by the unauthorized actors. However, the subsequent attempt to exfiltrate the data to an external server was blocked.
The Land Registry’s internal investigation, aided by the Cybersecurity Directorate of the General Staff of National Defense, has not found any evidence of ransomware having been deployed on the breached systems.
Emergency actions to reduce the risk of ransomware have been taken, like terminating all VPN access to block malicious users.
As a precaution, all of the registry’s employees have had their passwords reset, and two-factor authentication has been made mandatory to help protect their accounts from unauthorized access.
The last recorded attack occurred in the early morning of July 19, 2024, and was successfully thwarted. No further updates have been provided, so it’s unknown if the attacks continue.
Currently, the agency’s digital services continue to operate as normal, and transactions with citizens, which are considered safe, have remained uninterrupted throughout the attacks.
In 2022, Greece’s state-owned postal services provider, ELTA, suffered a ransomware attack that caused a country-wide service disruption.
A few months later, Ragnar Locker ransomware breached the country’s largest natural gas distributor, DESFA, compromising data and causing an IT systems outage.
Source: www.bleepingcomputer.com