Cyber Incident Victim: Port of Rijeka
Date:
Dec 2024
Location:
Croatia
Summary
The Port of Rijeka suffered a ransomware attack by the 8Base group, resulting in the theft of sensitive financial records, personal information, employment contracts, and non-disclosure agreements. The port's CEO confirmed the incident but stated no ransom was paid, with operations restored to normal functionality through backup systems. While the attack compromised data, critical infrastructure remained unaffected, allowing the facility to continue handling general cargo and supporting ongoing terminal development projects involving international partners.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
The Port of Rijeka in Croatia experienced a cyberattack over the weekend preceding December 1, 2024, attributed to the 8Base ransomware group. The group publicly claimed responsibility for the breach through the HackManac profile on the social media platform X, setting a ransom payment deadline for December 10, 2024. Stolen data included sensitive financial and accounting records, personal information of individuals, employment contracts, and a substantial volume of non-disclosure agreements (NDAs). Duško Grabovac, CEO of the Port of Rijeka, confirmed the incident to Croatian media outlet Novi list, acknowledging data theft but explicitly stating no ransom had been paid. Port operations were restored to normal functionality following the activation of backup systems, which enabled full data recovery. The attack did not disrupt cargo handling capabilities, as the port continued processing all cargo types except roll-on/roll-off (Ro-Ro) vessels during and after the incident.
The Port of Rijeka, a strategic Adriatic hub, hosts the Adriatic Gate Container Terminal—a joint venture where International Container Terminal Services, Inc. (ICTSI) holds a 51% stake and the Port of Rijeka owns 49%. The breach occurred amid ongoing development of the Rijeka Gateway container terminal, a project led by APM Terminals and ENNA Logic slated for a 2025 opening with 650,000 TEU annual capacity. While operational continuity was maintained, the compromise of confidential commercial agreements and employee records introduced legal and reputational risks. No operational technology (OT) disruptions or physical infrastructure damage were reported. The port’s reliance on backups for rapid recovery demonstrated existing resilience measures, though the exfiltration of sensitive documents underscored vulnerabilities in data protection protocols. The incident highlighted persistent threats to critical maritime infrastructure, particularly during periods of expansion and record throughput volumes as previously reported by the terminal.