Cyber Incident Victim: Hermes Airports
Date:
Oct 2024
Location:
Cyprus
Summary
Hermes Airports experienced disruptions due to a series of cyberattacks attributed to the 'LulzSec Black' group, part of broader incidents targeting government services and private companies. Police control systems at airports and checkpoints underwent emergency upgrades following attempted breaches, causing prolonged processing times and significant passenger queues at Larnaca airport, though Paphos airport saw milder impacts due to lower traffic. Authorities restored functionality and remain on high alert, with cybersecurity experts suggesting the attacks may have been a test of defenses or a show of force rather than a targeted data theft operation. Concerns persist about inadequate cyber preparedness across critical infrastructure, with warnings that such incidents could precede more severe future attacks.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
The Republic of Cyprus experienced six cyberattacks over a weekend in early October 2024, targeting government services and private companies, including Hermes Airports. The initial incident occurred on Friday when an attempted cyberattack on Hermes Airports’ website was averted, though processing delays at security checkpoints caused significant passenger queues at Larnaca International Airport. Paphos Airport experienced fewer disruptions due to lower passenger volumes. By Sunday, authorities upgraded all police control systems at both Republic-operated airports and other national entry/exit points to address vulnerabilities exposed by the attacks. These upgrades did not cause system outages but were implemented as a precaution against ongoing threats. Concurrently, the Cypriot government’s main website suffered a brief outage lasting several minutes during a separate attack before being restored. Other confirmed targets included the Electricity Authority of Cyprus (EAC), Bank of Cyprus, telecommunications provider Cyta, and oil company EKO.
Police spokesman Christos Andreou confirmed on Monday that all affected systems had been restored and operations normalized, though processing delays persisted during the upgrade period. Deputy Minister Nicodemos Damianou stated authorities successfully mitigated the attacks and remained on high alert. Communications Commissioner George Michaelides declined to confirm whether data theft occurred or discuss attacker motives, citing operational security concerns. Cybersecurity experts Eleftherios Antoniades and Dinos Pastos characterized the attacks as a "show of force" potentially testing national defenses, while European University assistant professor Yianna Danidou suggested they might precede more sophisticated future attacks. Officials acknowledged challenges in attributing the attacks, particularly due to obfuscation techniques involving the dark web. No entity publicly confirmed data breaches or financial losses, though Michaelides emphasized the difficulty of recovering stolen assets in such incidents. Passenger processing delays at Larnaca Airport represented the most visible operational impact, with no reports of flight cancellations or compromised aviation safety systems.