Cyber Incident Victim: Pasažieru vilciens
Date:
Jun 2022
Location:
Latvia
Summary
The company experienced repeated DDoS attacks targeting its website and ticket sales systems, disrupting online and mobile app-based ticket purchases. These attacks aimed to cause service unavailability but did not compromise user data. IT personnel collaborated with partners to restore functionality promptly. The incidents occurred amid increased cyberattacks by Russia-linked actors against national infrastructure and various sector companies, though all attacks were successfully mitigated without significant operational impact.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On or around June 8, 2022, VAS "Pasazieru vilciens," Latvia's passenger rail service provider, experienced repeated distributed denial-of-service (DDoS) attacks targeting its website and electronic ticketing systems. This marked at least the second such incident within a week, following a previous attack on June 1 that similarly disrupted online ticket sales through both the company’s website and mobile application. The DDoS attacks aimed to overwhelm the digital infrastructure, causing service unavailability for ticket purchasing platforms while leaving user data unaffected. These disruptions impaired core customer-facing operations during the attack periods, though the company’s IT department and external partners successfully mitigated the incidents without allowing prolonged operational damage. The attacks aligned with a broader increase in cyber assaults against Latvian state resources and private sector entities linked to Russia-affiliated threat actors, though all documented attempts had been neutralized prior to causing significant functional compromise.
Pasazieru vilciens confirmed the technical impact on web services and e-commerce functions but emphasized no evidence of data breaches or system infiltration beyond the temporary accessibility issues. The organization’s IT teams collaborated with cybersecurity partners to restore full service availability promptly, though the article did not specify exact restoration timelines or technical countermeasures deployed. Historical context notes the company transported 11.194 million passengers in 2021, representing a 12.8% decline from 2020 volumes, though this operational data was unrelated to the immediate incident. Established in 2001 as a spin-off from Latvijas dzelzcels (Latvian Railways) to manage domestic passenger services, Pasazieru vilciens became a state-owned enterprise in 2008. The incident underscored recurring vulnerabilities in public transport digital infrastructure amid geopolitical tensions, though defensive measures prevented material consequences beyond transient service interruptions.