Cyber Incident Victim: Árvakur hf
Date:
Jun 2024
Location:
Iceland
Summary
A cyberattack targeted Icelandic media company Árvakur, disrupting operations of its newspaper Morgunblaðið and radio station K100, causing extended outages for their websites and broadcasting services. The attackers, identified as the Russian-linked group Akira, infiltrated Árvakur's systems, exfiltrating and encrypting internal data while demanding ransom, which the company publicly refused to pay. In response, cybersecurity authorities restricted foreign traffic to mitigate the attack's impact, characterizing it as a distributed denial-of-service incident. Icelandic officials condemned the breach as an assault on democratic institutions and national security, noting similarities to prior ransomware campaigns against Icelandic entities. Services were restored following containment measures, though the initial intrusion vector remains undetermined.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On June 23, 2024, a cyberattack targeted Árvakur, the publisher of Icelandic newspaper Morgunblaðið and radio station K100. The incident began Sunday afternoon, causing Morgunblaðið's website to become inaccessible for several hours while K100's broadcasts and other publisher systems simultaneously failed. Attackers infiltrated Árvakur's internal network, exfiltrating and encrypting company data. In response, Árvakur implemented geographic restrictions blocking all foreign web traffic to its platforms, limiting Morgunblaðið's website access exclusively to Icelandic IP addresses. Cert-is, Iceland's national cybersecurity unit led by Guðmundur Arnar Sigmundsson, confirmed this containment measure as standard protocol during such incidents. The attack methodology involved overwhelming systems with abnormally high data traffic, causing service disruption. By June 25, both mbl.is (Morgunblaðið's online outlet) and K100 had restored normal operations following mitigation efforts.
Authorities attributed the attack to Russian cybercrime group Akira, previously linked to ransomware operations against Icelandic automotive retailer Brimborg and the University of Reykjavík. Karl Blöndal, Morgunblaðið's deputy editor-in-chief, publicly rejected any ransom payment negotiations but declined to confirm whether attackers had issued formal demands. Icelandic Minister of Tourism, Trade, and Culture Lilja Alfreðsdóttir characterized the incident as an assault on democratic institutions and national security. The breach's initial vector remained undetermined at the time of reporting, with no disclosure regarding specific compromised data types or quantities. Technical recovery efforts focused on isolating affected systems while maintaining domestic access to critical media services during the disruption.