As SecurityLab previously reported, the National Postal Service of Greece (Hellenic Post, ELTA) was forced to temporarily disable its information systems due to a cyber attack. Now ELTA has published new details about the incident, including its scale.
According to a new report, IT specialists have established that the attackers exploited an unpatched vulnerability to download malware, which gave them access to one of the workstations via an HTTPS reverse shell.
The main purpose of the cyberattack was to encrypt the critical systems of the postal service, but ELTA did not report any ransom demands.
Since most cyber-extortion attacks now also involve data theft, the hackers could have stolen the names, addresses and payment details of customers from the postal service's information systems, but whether they did is still unknown. The Greek data protection regulator has been notified of the incident, and if there has been a leak, it will be established.
Currently, ELTA branches across the country cannot provide mail services, bill payment, or order processing. Users also have difficulty tracking shipments. It is not yet known when everything will work again.
So far, IT specialists have examined more than 2.5 thousand computers in the postal service network, installed security tools on them and removed malware.
The presence of a single backdoor can give attackers access to ELTA's entire internal corporate network through lateral movement, along with the ability to re-encrypt all systems connected to it.