Cyber Incident Victim: Agencija za privredne registre / Aгенција за привредне регистре
Date:
Mar 2023
Location:
Serbia
Summary
The Serbian Business Registers Agency experienced distributed denial-of-service (DDoS) attacks targeting its web services, causing intermittent disruptions to website functionality, email, and online services. The attacks aimed to overload servers and prevent user access to eServices but did not compromise databases or data. Perpetrators operated globally, flooding systems until defenses were strengthened, enabling service restoration with residual interruptions before achieving stable operations. The Agency reported incidents to national cybersecurity authorities and processed over 15,500 financial statements alongside other electronic submissions during the attack period.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
The Serbian Business Registers Agency (SBRA) experienced sustained distributed denial-of-service (DDoS) attacks targeting its web infrastructure on March 25 and 26, 2023. These coordinated attacks originated from multiple international sources, flooding the agency’s servers with excessive traffic to disrupt access to its eServices platform. The primary objective was to overload web servers and degrade service availability, preventing users from submitting financial reports, electronic applications, and other regulatory filings. During the attack period, the agency’s website, email systems, and web services exhibited intermittent functionality, with occasional outages affecting user access. SBRA’s IT personnel immediately collaborated with Telekom Srbija, their internet service provider, to implement countermeasures while monitoring network activity. Initial efforts partially restored eServices functionality, though residual instability led to sporadic interruptions for users attempting to navigate the platform. Crucially, forensic analysis confirmed the attacks exclusively targeted service availability rather than data integrity or confidentiality, leaving all databases and stored registrant information uncompromised.
By March 27, 2023, SBRA fully mitigated the DDoS campaign and stabilized its systems, enabling uninterrupted access to all web services with no residual performance degradation. That same day, the agency successfully processed 15,500 financial statements submitted through its specialized financial reporting system and received all electronic applications submitted via other online service channels. The incident’s operational impact was confined to temporary accessibility issues, with no evidence of unauthorized data access, modification, or exfiltration. SBRA formally reported the incident to Serbia’s National Center for the Prevention of Security Risks in ICT Systems (National CERT) and the Ministry of Information and Telecommunications, initiating interagency coordination for potential threat actor attribution. Public communications emphasized the restoration of normal operations while acknowledging the transnational nature of the attacks, which involved malicious traffic routed through numerous global jurisdictions without specific attribution to a geographic entity or motive.