In December 2023, a Serbian power utility company came under a cyber attack. The attack was a “crypto-type” attack, which resulted in information encryption. As of this writing, EPS is actively recovering from the attack. These events are similar to events in the region in the past months, highlighting the importance of critical infrastructure in Serbia and neighboring countries.

The government-owned Elektroprivreda Srbije (EPS) stated on December 19, that it was a victim of an “unprecedented” cyber attack. Details on when the attack precisely took place, its motivation, and its origin, were not provided. The EPS reported that the attack did not “endanger the production, nor the supply of electricity,” mainly affecting the bill payment portal. EPS also reassured users of the continued functionality of “electricity production and supply” despite the attack. Details on when the attack precisely took place were not provided.

Balkan Insight further inquired into the matter, receiving a response from EPS stating that “production and all electricity trade activities are safe” without further details nor clarifying whether the data affected is safe.

Moreover, “for security reasons, the IT systems have been put out of operation until the experts are completely sure that the virus has been eliminated, the company stressed,” according to Balkan Green Energy News, a project focusing on the implementation of sustainable development concepts about energy.

Similar attacks happened in Slovenia and Montenegro, at the end of November and during August 2022, respectively. Cyber-material sums up the region’s increased security needs in public utilities by adding that “the incident serves as a stark reminder of the persistent challenges faced by essential services in the evolving landscape of cyber threats.”

The main challenge with implementing measures to counter cyber threats is partly due to evolving technology and security needs. Some cyber attacks may be simple and conducted by one individual. Others may involve a transnational operation conducted by several entities, making it particularly difficult to trace. Also, depending on what public systems are targeted, the recovery times may take a few days to several months.

Most importantly, in addition to these attacks being an inconvenience to the utility companies, they are also an inconvenience to those who depend on them. EPS is government-owned, putting it in a position where it can be deliberately targeted and leave users with few to no alternatives, this also applies to neighboring countries with government-owned utility companies.

The attack’s motivations are yet to be known, but it demonstrates the critical need to invest in resources to improve security measures these companies use. Governments in the region must also have the necessary resources to train and educate people on its cyber needs to thwart off attacks. Doing so will ensure that there is a higher level of preparation in the event of a future attack.