Cyber Incident Victim: Slovakia
Date:
Jun 2020
Location:
Slovakia
Summary
Slovak authorities seized suspected wiretapping devices connected to the government's IT network, GOVNET, which interlinks state agencies, and arrested four individuals including two officials from the agency managing the network, a staffer from the Deputy Prime Minister's office, and a private sector representative. The equipment, found within law enforcement and judiciary networks, allegedly enabled interception of internet and telephony communications, though investigators are also examining whether the devices were legitimate security systems installed during prior audits. Authorities are probing potential involvement of the arrested officials—either as active participants or victims of supply chain compromise—while considering possible foreign intelligence service links to the incident.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On June 9, 2020, Slovak authorities arrested four individuals and seized suspicious devices connected to GOVNET, the government network linking various state agencies. The National Criminal Agency (NAKA) executed the operation following the discovery of equipment suspected of enabling wiretapping of internet and telephony communications. The devices, described as server-like hardware, were physically integrated into GOVNET infrastructure managed by the National Network and Electronic Services Agency (NASES). Some were removed from networks belonging to law enforcement and judicial bodies. Among those detained were two senior NASES officials, a staff member from the Deputy Prime Minister’s office, and a private-sector individual. NAKA publicly confirmed the arrests via a Facebook post on the same day, initiating an investigation into the devices’ technical capabilities and origins. NASES personnel faced scrutiny regarding their potential role in installing the equipment, though investigators had not yet determined whether they were complicit or victims of a compromised supply chain.
NAKA’s investigation focused on determining whether the equipment facilitated unauthorized surveillance, with authorities acknowledging the possibility of foreign intelligence involvement. Local news outlet Noviny reported an alternative explanation, citing a former government minister and the head of the Slovak Information Service, who suggested the devices might have been legitimate security systems deployed after prior audits to defend against cyberattacks. This interpretation posited that traffic logging features, which could resemble surveillance tools, were part of standard protective measures. The incident prompted seizures across multiple government-linked networks but yielded no immediate public details on compromised data or operational disruptions. No entity claimed responsibility, and the probe remained ongoing at the time of reporting, with no conclusive findings disclosed regarding the intent or origin of the devices.