Cyber Incident Victim: Electricity Transmission System Operator of North Macedonia

The Electricity Transmission System Operator of the Republic of North Macedonia (MEPSO) confirmed on March 1, 2024, that it was actively addressing a cyberattack against its systems. In a press release issued on Thursday, February 29, 2024, MEPSO clarified that the incident did not target critical energy infrastructure components responsible for electricity transmission. The company assured the public that both the operational integrity of the national power grid and the continuity of electricity supply remained fully intact throughout the incident. MEPSO emphasized its critical infrastructure remained secure and fully functional despite the cyber intrusion. The attack occurred in recent days prior to the March 1 public disclosure, though the exact start date and initial detection method were not specified in the announcement. No operational disruptions or power outages resulted from the incident, confirming the containment of impacts to non-critical systems. MEPSO did not identify the specific IT systems compromised or the nature of the attackers' activities beyond classifying the event as a cyberattack.

MEPSO acknowledged implementing extensive pre-existing cybersecurity measures prior to the attack but confirmed these defenses were challenged during the incident. The organization followed national cybersecurity regulations by formally reporting the attack to relevant authorities, though these agencies were not named in the press release. Internal MEPSO technical teams collaborated with external cybersecurity experts to mitigate the attack's effects and restore normal operations across affected systems. The company prioritized resolving residual technical issues to resume standard business functions, though no timeline for full recovery was provided. Public communications emphasized transparency regarding infrastructure security while withholding technical details that could compromise ongoing remediation or investigation efforts. No data breaches, ransomware notes, or financial motives were disclosed in the initial statement. MEPSO maintained its operational responsibilities throughout the response without requiring external grid management support.