Cyber Incident Victim: Thessaloniki Municipality
Date: Jul 2021
Location: Greece
Summary
A cyberattack disrupted municipal services in Greece's second-largest city, prompting authorities to shut down all digital services and web applications to facilitate investigations and prevent further breaches. The intrusion, attributed to hackers potentially sponsored by foreign governments, led to significant operational interruptions, though specific defensive measures or the exact nature of the attack remained undisclosed.
Description
On July 23, 2021, the City of Thessaloniki, Greece’s second-largest municipality, experienced a cyberattack that disrupted municipal services and forced the shutdown of its digital operations. The intrusion prompted city officials to deactivate all online services and web applications as a containment measure, aiming to prevent further compromise and facilitate forensic investigations. Deputy Mayor of Business Planning, e-Government, and Migration Policy Giorgos Avarlis publicly confirmed the incident, though no technical specifics regarding the attack vector, such as ransomware or data exfiltration, were disclosed. The incident aligned with a reported global trend of increased cyberattacks against municipal infrastructure, with the article attributing such activities broadly to hackers “sponsored by Russia and China and authoritarian governments around the world,” without explicitly confirming state involvement in this specific event. No threat actor group or specific motivation was identified in the available reporting.

The immediate operational impact included the suspension of all city agency services reliant on web applications, though the duration of the disruption and the full scope of affected departments remained unspecified. The city’s primary response focused on isolation—disconnecting systems to halt ongoing attacks and enable security assessments—with no mention of data theft, financial demands, or restoration timelines. Avarlis emphasized the shutdown’s purpose was to allow “proper investigations” and reduce the risk of recurrent attacks, but the municipality did not disclose its existing cybersecurity defenses or whether vulnerabilities were remediated. No collateral impacts on residents, such as data leaks or prolonged service outages, were detailed in the report. The incident underscored the vulnerability of local government digital infrastructure to disruptive cyber intrusions, though its resolution status and long-term consequences were not publicly documented.
