Serbia public energy company EPS possibly hit by Qilin ransom gang

The Serbian government and the public energy company Elektroprivreda Srbije (EPS) have not acknowledged multiple reports about the company being targeted by a ransomware attack.

Qilin claimed to have seized a significant amount of EPS’s confidential data, including private agreements, contracts, financial documents, and extensive private email correspondences. The group threatened to publicly release this data in 10 days if EPS did not reach an agreement with them. The Qulin leak site has listed Elektroprivreda Srbije as a victim and published 24 screenshots of contracts, invoices, financial spreadsheets and folder tree, but still hasn't published a data dump.

On December 19, EPS acknowledged a “crypto-type” hacker attack and reported that they were in the process of recovery. The attack disrupted the EPS bill payment portal and delayed the distribution of November bills.

EPS, in a statement, only mentioned that they had dispatched all November bills to consumers, without addressing the alleged cyberattack. The National Centre for the Prevention of Security Risks of Serbia (CERT) informed that due to their protocols, they cannot disclose information about such security incidents to the public.