Cyber Incident Victim: Pop TV
Date:
Feb 2022
Location:
Slovenia
Summary
A cyber-attack disrupted Slovenia's most popular TV channel, impacting its computer network and preventing the use of graphics during a key news program, leading to the cancellation of a later broadcast. While news operations resumed shortly after, the incident also affected web servers supporting an on-demand streaming service, halting live sports events and new content additions, which frustrated subscribers. Reports indicated foreign hackers attempted extortion in a ransomware-like incident, with national cybersecurity authorities assisting in the response. The attack mirrored previous disruptions at international broadcasters where backend IT infrastructure was compromised, though recovery in this case was comparatively faster.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
A cyber-attack disrupted operations at Pop TV, Slovenia's most popular television channel, beginning on Tuesday, February 8, 2022. The incident initially impaired the station's computer network, specifically affecting the evening broadcast of its flagship news program, 24UR. Technical limitations prevented the display of computer-generated graphics during the show. Production challenges forced the cancellation of the night edition entirely, though a condensed version aired on Pop TV's official website. While regular news programming resumed by Wednesday, broader network disruptions persisted beyond the initial broadcast issues.
Further investigation revealed the attack compromised multiple systems, including web servers supporting VOYO, Pop TV's on-demand streaming service operated by its parent company. This secondary impact prevented staff from uploading new content to the platform and disrupted live streaming of channels and events. Subscribers lost access to scheduled programming, including Winter Olympics coverage, prompting widespread complaints. While Pop TV confirmed the technical consequences in public statements, it did not disclose the attack's origin or methodology. Slovenian outlet Zurnal24 reported foreign hackers executed an extortion attempt resembling ransomware, though official sources did not confirm this characterization. Slovenia's Computer Emergency Response Team (SI-CERT) acknowledged collaborating with Pop TV on remediation efforts but declined to provide incident specifics. The disruption aligned with a pattern of ransomware attacks targeting broadcasters globally, including incidents affecting France's M6, Portugal's SIC, and multiple U.S.-based networks between 2019 and 2021, though Pop TV restored core services faster than many peers.