Date: Jul 2023

Location: Libya

Summary

The Libyan Post Telecommunications & Information Technology Company (LPTIC) experienced a significant cyber attack targeting its data center and subsidiaries. The attack was a service blockade that caused service fluctuations and instability, including the disruption of the MyLTT application. The company's cybersecurity teams worked to counter the ongoing and organized attack, which was part of a wider global pattern targeting multiple countries.


Description

On or around July 20, 2023, the Libyan Post Telecommunications & Information Technology Company (LPTIC) publicly disclosed through a Facebook statement that it was the target of a significant and ongoing cyber incident. The attack specifically targeted the data center of Libya Telecom and Technology Company, a subsidiary operating under the LPTIC holding company. This incident commenced at approximately 3:00 AM local time and was characterized as a service blockade attack, a type of offensive action designed to disrupt and deny access to critical digital infrastructure. The immediate effect of this sustained assault was the fluctuation of data center services, leading to instability across several key platforms and applications provided by the affected companies. This service instability impacted major communication firms within the LPTIC umbrella, including Libya Telecom and Technology (LTT), Al-Geel Al-Jadeed, and Al-Madar, indicating a broad targeting of Libya's telecommunications sector. The primary objective of the attack appears to have been the disruption of normal service operations, causing widespread instability rather than a complete blackout.

In response to the attack, the targeted companies initiated a coordinated effort to mitigate the impact and restore service stability. LPTIC reported that Libya Telecom and Technology Companies and the International Telecommunications Company (ITC) were actively cooperating with the cybersecurity team from Libya Technology Company to counter the ongoing threats. This collaborative defensive posture was deployed to analyze the attack vectors and implement countermeasures to protect the integrity of the data center and its associated services. Despite the severity and persistence of the attack, the company's initial statements indicated that their efforts were somewhat successful in maintaining a degree of operational continuity, noting that services were "relatively stable" amid the ongoing offensive. This suggests that while users experienced interruptions and performance issues, a total collapse of the telecommunications infrastructure was averted through the concerted efforts of the cybersecurity personnel involved.

The cyber incident was not an isolated event but part of a larger, more organized global campaign. LPTIC's assessment of the situation indicated that attempts to hack the systems of its companies were not only continuing but had also become more organized and widespread on an international scale. The company explicitly noted that similar disruptive cyber attacks had been concurrently reported in numerous countries across different continents, including the United States, Canada, Britain, Germany, France, Denmark, Finland, Egypt, Saudi Arabia, Morocco, and Turkey. This context positions the attack on Libyan telecommunications as one node within a much broader global offensive, suggesting the involvement of sophisticated threat actors capable of coordinating large-scale operations across national borders. The scale of the attack directed specifically at Libya was quantified in the company's reports, which stated that the attacks against the country amounted to 114 GB of malicious traffic, with approximately 4,400 individual attacks taking place during the third quarter of the year, which includes the July incident.

The specific service impact was detailed in the company's communications, which confirmed that the cyber attacks caused several services and applications to become unstable. A named example of an affected platform was the MyLTT Subscriber Services Application, a crucial tool for customers to manage their accounts and services with Libya Telecom and Technology. The disruption of such a customer-facing application points to a direct impact on the user experience and the company's ability to provide consistent service support. The characterization of the attack as a "service blockade" aligns with the symptoms of a Distributed Denial-of-Service (DDoS) attack, where a targeted system is overwhelmed with a flood of internet traffic from multiple sources, rendering it unable to function normally and causing the described fluctuations and instability. The prolonged nature of the attack, which was still ongoing at the time of the initial public statement, underscores the resilience and determination of the threat actors involved, requiring a sustained and resource-intensive defensive response from LPTIC and its partners.

This incident highlights the vulnerabilities inherent in critical national infrastructure sectors, particularly telecommunications, which form the backbone of a country's digital economy and societal connectivity. The targeting of LPTIC, as the holding company for major communication providers, represents a direct threat to Libya's digital sovereignty and operational continuity. The company's previous announcements, referenced in reports, confirmed that the data center of Libya Telecom and Technology Company had been under continuous attack prior to this specific event, indicating a potentially prolonged campaign of harassment and disruption against this key piece of national infrastructure. The public disclosure via social media also demonstrates a modern approach to crisis communication, where companies facing cyber incidents provide timely, though limited, updates to manage public expectations and maintain transparency during a service-affecting event. The incident serves as a stark reminder of the persistent and evolving cyber threats faced by critical service providers on a global scale, with threat actors employing increasingly organized methods to achieve widespread disruption.
