Cyber Incident Victim: Hellenic Defense Systems

Date: Feb 2021

Location: Greece

Summary

A ransomware attack targeted Hellenic Defense Systems (EAS), with threat actors demanding cryptocurrency payments. Initial concerns about potential foreign-state cyber espionage gave way to the assessment that this was a financially motivated ransomware incident. The attackers reportedly failed to breach the production systems containing sensitive data. National defense authorities, law enforcement, and intelligence agencies were engaged in investigating the breach, though the specific malware variant remained unidentified.

Description

The Hellenic Defense Systems (EAS) cyber incident was detected several days prior to February 17, 2021, triggering immediate involvement from Greek national security authorities. The Ministry of National Defense and national law enforcement agencies initiated an investigation upon discovery, with the National Intelligence Service (EYP) concurrently monitoring developments. Initial assessments raised concerns about potential state-sponsored cyber espionage targeting defense infrastructure, reflecting the sensitive nature of the compromised entity. Media reports indicated the attack disrupted normal operations, though specific affected systems or network segments were not detailed in available sources.

Subsequent analysis identified the incident as a ransomware attack, with threat actors demanding cryptocurrency payments. Investigators determined that attackers failed to penetrate the production environment containing the most sensitive military data, limiting potential exposure. No malware variant was publicly identified, and the attackers' identity remained unconfirmed despite early suspicions of foreign state involvement. The company coordinated with governmental entities throughout the containment process, though specific remediation measures weren't disclosed. Financial or operational impacts weren't quantified in reporting, and no data exfiltration claims were verified. The ransomware demand amount and payment status remained undisclosed in public records.
