The Security and Intelligence Agency (SOA) has confirmed to N1 that it is actively involved in the investigation of the cyber attack on KBC Zagreb. The hospital system is back in operation and the forensic investigation is underway.

“The SOA’s Cyber Security Centre is actively supporting the health system in the digital forensic processing and in eliminating and remedying the consequences of a cyber attack on part of KBC Zagreb”s information system,” it said.

However, SOA points out another important thing.

“And this cyber attack has confirmed the importance of the measures provided for in the new Cyber security Act, i.e. the EU’s NIS2 Directive. In this sense, the SOA’s Cyber Security Centre will take the necessary measures in collaboration with other actors of the Cyber security Act, focusing on the prevention and resilience of information systems against cyber threats,” it said.

State-sponsored cyber attacks

The European NIS2 Directive aims to achieve a high common level of cyber security across the Union. In order to comply with the regulations, many commercial companies and various organisations that have not yet been affected by the application of these regulations will have to start thinking about their own level of cyber security.

“All over the world, cyber attacks on the information systems of state and private organisations are on the rise, and the Republic of Croatia is no exception. The SOA Cyber Security Centre has registered an increasing number of advanced, state-sponsored cyber attacks on the systems of government bodies and critical infrastructure operators, as SOA has reported in its public reports. More than 10 such cyber attacks were registered in the first half of this year.

The cyber attacks on certain Croatian financial institutions on 26 June 2024 confirm this trend. These were so-called DDoS attacks that temporarily paralysed access to the internet services of the attacked institutions. According to the data collected so far, no damage to the information systems of the attacked institutions has been detected, while further forensic investigations are underway to gather more information about the attack. SOA’s Cyber Security Centre is providing active support to the attacked facilities,” SOA said.

Pro-Russian hacker group claims responsibility for attacks

The pro-Russian hacker group NoName057(16) claimed responsibility for a cyber attack on several Croatian institutions, as announced on their Telegram channel.

The group stated, “It’s been a while since we’ve visited Croatia and we decided to ‘remind’ ourselves,” noting that the websites of the Croatian Tax Administration and the Croatian National Bank were down. This message was posted on Wednesday.

NoName057(16) also announces attacks on the X platform, though this Croatian incident wasn’t mentioned there.

Recent attacks by the group have targeted websites in Ukraine, Austria, Belgium, Cyprus, Bulgaria, and Romania.

NoName057(16), first appearing in March 2022, claims to attack state institutions, media, and private companies in Ukraine, Europe, and the U.S. Targets of the Wednesday attacks included the Ministry of Finance, the Tax Administration, the Croatian National Bank, and the Zagreb Stock Exchange, with KBC Zagreb hospital targeted on Thursday.