Cyber Incident Victim: Cyprus

Between late September and early October 2024, Cyprus experienced a series of coordinated cyberattacks targeting critical infrastructure and government services, culminating in significant disruptions at key facilities. Initial warnings emerged on Telegram and dark web forums, with pro-Palestine hacker groups—including LulzSec Black, Moroccan Soldiers, Black Maskers Army, and Anonymous Syria—threatening retaliation against Cyprus for its perceived support of Israel. The attacks commenced over the weekend of September 28–29, with six confirmed incidents affecting police control systems at Larnaca and Paphos airports, government websites, the Electricity Authority of Cyprus (EAC), Bank of Cyprus, telecommunications provider Cyta, oil company EKO, and airport operator Hermes. Hackers employed distributed denial-of-service (DDoS) attacks to overwhelm systems, temporarily taking the government’s main website offline for several minutes on Sunday, September 29. Hermes preemptively shut down its website as a precaution, disrupting online parking reservations but leaving physical airport operations intact. Police spokesman Christos Andreou confirmed that processing delays during system upgrades led to prolonged queues at Larnaca airport checkpoints, though systems remained operational. By October 1, authorities had restored all affected services and implemented security upgrades across police control systems at airports and border checkpoints to mitigate further risks. Deputy Minister Nicodemos Damianou stated that while the attacks caused temporary disruptions, no permanent damage or data breaches were confirmed.

The attackers explicitly linked their actions to Cyprus’ geopolitical stance, demanding policy changes toward Israel and humanitarian aid to Gaza. LulzSec Black claimed the operation aimed to “punish” Cyprus for allowing Israeli military training on its territory and alleged UK arms transfers to Israel via Cypriot bases. Cybersecurity firm Odyssey assessed the campaign as politically motivated, aligning with hacker rhetoric on underground forums. Digital Security Authority head George Michaelides cautioned against panic, emphasizing proactive security measures like avoiding suspicious links and email attachments. Experts, including Eleftherios Antoniades and European University professor Yianna Danidou, characterized the attacks as a “show of force” or “testing process” to gauge Cypriot defenses, warning they could precede more severe, unannounced incidents. Danidou noted the difficulty of attributing attacks via IP addresses, particularly when hackers operate through the dark web. Despite successful containment, officials acknowledged vulnerabilities in national cybersecurity preparedness, with Antoniades highlighting inadequate detection capabilities in some organizations. Michaelides reiterated the importance of sustained vigilance, stating that threats could resurface without warning. The incident underscored the interconnectedness of geopolitical tensions and cyber warfare, with critical infrastructure remaining a high-priority target for hacktivist groups seeking political leverage.