Cyber Incident Victim: Υπουργείο Παιδείας, Έρευνας και Θρησκευμάτων

On or around May 28th, 2023, the platform of the Question Bank (Τράπεζα Θεμάτων) operated by the Institute of Educational Policy (ΙΕΠ), which is hosted on the National Infrastructure for Research and Technology (ΕΔΥΤΕ), was subjected to a large-scale and prolonged distributed attack. The primary objective of this malicious cyber activity was to disrupt the administration of internal promotion and high school leaving examinations (απολυτήριες εξετάσεις Λυκείου). Despite the intensity of this initial offensive, the attacks were successfully isolated by the relevant authorities. As a direct result of this containment effort, the examinations proceeded normally in the overwhelming majority of schools, ensuring minimal disruption to the scheduled academic assessments.

The following day, on May 29th, the malicious attacks resumed early in the morning. The focus of this second wave shifted from the specific application platform to the underlying infrastructure of the EΔΥΤΕ network itself. This escalation represented a significant broadening of the threat actor's target, aiming to compromise the foundational technology supporting the Question Bank and potentially other services. The competent services responsible for the network's defense successfully repelled these renewed infrastructure-level attacks, preventing a successful breach and maintaining operational integrity during a critical period for the national education system.

The scale of the offensive against the Question Bank platform was unprecedented. Official figures confirmed the platform received 165 million hits originating from 114 different countries. This massive volume of traffic, coordinated across a global network of sources, qualifies this incident as the most significant attack ever recorded against a Greek public governmental organization in terms of its sheer scale and international scope. The distributed nature of the attack points to a highly coordinated effort, likely utilizing a botnet or similar distributed mechanism to generate the enormous volume of malicious traffic aimed at overwhelming the platform's defenses and rendering it inaccessible.

Concurrently with the technical response to mitigate the attacks, the Greek government initiated a formal legal and law enforcement response. The relevant ministries were in consultation with the Prosecutor's Office of the Supreme Court (Αρείου Πάγου) and the Cybercrime Prosecution Directorate (Δίωξη Ηλεκτρονικού Εγκλήματος). This engagement signifies that the incident was treated with the highest level of legal seriousness, with steps being taken to investigate the origin of the attacks and identify those responsible for orchestrating the disruption. This dual-track approach of technical containment and judicial investigation underscores the severity with which the incident was viewed by the national authorities.

A critical impact of the incident was its intended effect on the national examination process. The attacks were explicitly aimed at obstructing the conduct of the internal promotion and high school leaving exams. However, the containment measures proved effective. It was confirmed that the examination topics were successfully transmitted to all schools, and the leaving examinations for the third grade of high school (Γ’ Λυκείου) were completed without being ultimately derailed by the cyber offensive. This successful completion was a key outcome, ensuring that the academic progression of students was not unfairly compromised by the external attack.

Looking forward to the imminent national university entrance examinations (Πανελλαδικές Εξετάσεις), the authorities provided explicit assurances regarding their security and conduct. Official statements confirmed that the Panhellenic Examinations would proceed normally and with absolute security. Furthermore, a guarantee was issued that no student in their final year of high school would be excluded from the Panhellenic Examination process as a consequence of these malicious attacks. This was a crucial message intended to alleviate concerns among students, parents, and educators regarding the fairness and continuity of the higher education admission process.

A fundamental point of clarification was repeatedly emphasized by the officials to delineate the scope of the attack and the architecture of the examination systems. The targeted platform, the Question Bank of the IEP at trapeza.iep.edu.gr, was described as being absolutely distinct from the system used for transmitting the topics for the Panhellenic Examinations. This distinction is vital for understanding the incident's limited impact; while the preparatory Question Bank was under attack, the separate and secure system dedicated to the actual administration of the crucial national exams remained uncompromised and operationally independent. This architectural separation served as a key defensive feature, isolating the disruptive effects of the attack to a single, albeit important, component of the broader educational assessment infrastructure. The incident, therefore, while severe in its own right, was contained to a specific platform and did not achieve its apparent goal of causing widespread cancellation or chaos within the national examination schedule.