Cyber Incident Victim: Pro Plus
Date: Feb 2022
Location: Slovenia
Summary
A cyber-attack disrupted Slovenia's most popular TV channel, impacting its computer network and preventing the use of graphics during a key news broadcast, forcing the cancellation of a later edition. The incident also compromised web servers supporting an on-demand streaming service, halting new content additions and live broadcasts—including major sporting events—which frustrated paid subscribers. While news operations resumed within a day, restoration efforts continued for other affected systems. Local media reported the incident as an extortion attempt by foreign hackers, resembling ransomware tactics, with national cybersecurity authorities assisting the broadcaster but withholding technical details. The attack aligns with a pattern of similar incidents targeting television networks' backend infrastructure globally.
Description
A cyber-attack disrupted operations at Pop TV, Slovenia's most popular television channel, beginning on Tuesday, February 8, 2022. The incident prevented the station from displaying computer graphics during the evening broadcast of its flagship news program, 24UR. Technical limitations forced the cancellation of the night edition of 24UR, though a shortened version aired on Pop TV's website. Initial restoration efforts allowed news broadcasts to resume by Wednesday, but the attack's scope extended beyond broadcast systems. Subsequent analysis revealed compromise of web servers supporting VOYO, Pop TV's on-demand streaming service operated by its parent company. This secondary impact blocked staff from uploading new content to VOYO and disrupted live streaming capabilities for all channels, including Winter Olympics coverage—a significant disruption given the event's timing and subscriber expectations.

Pop TV issued public statements on both Tuesday and Wednesday confirming technical disruptions but avoided explicit attribution or detailed forensic findings. Slovenia's Computer Emergency Response Team (SI-CERT) acknowledged collaboration with the broadcaster but declined to disclose investigative details. Media reports from Slovenian outlet Zurnal24 indicated foreign hackers conducted an extortion attempt resembling ransomware tactics, though Pop TV did not confirm this characterization. The combined technical impacts lasted at least two days, affecting core broadcast operations, digital content distribution, and live sports streaming—a multi-faceted disruption contrasting with shorter outages experienced by other broadcasters in historical attacks. Comparative analysis showed Pop TV's recovery timeline was faster than ransomware incidents at France's M6, Portugal's SIC, and U.S. networks like Sinclair Broadcast Group, where outages persisted for multiple days across broader IT infrastructure.
