Cyber-attack disrupts Slovenia's top TV station - The Record by Recorded Future

Cyber-attack disrupts Slovenia’s top TV station
A cyber-attack has disrupted the operations of Pop TV, Slovenia’s most popular TV channel, in an incident this week believed to be an extortion attempt.

The attack, which took place on Tuesday, impacted Pop TV’s computer network and prevented the company from showing any computer graphics for the evening edition of 24UR, the station’s daily news show.

The night edition of the same show was canceled altogether, although a truncated version of the news aired on the company’s website, Pop TV said in a statement on Tuesday, the day of the attack.

But while news broadcasts were restored by the next day, the attack also impacted other parts of the network’s operation.

In a second statement on Wednesday, Pop TV said the attack also hit some of its web servers, including VOYO, an on-demand streaming platform that offers channels from its parent company, along with licensed movies and TV series.

The company said the attack prevented its staff from adding new content to the platform and streaming any of its channels and live sporting events, such as the Winter Olympics, which angered many of its paid subscribers.

Local news outlet cites extortion attempt
A 24UR spokesperson did not return a request for comment seeking details about the nature of the incident, but fellow Slovenian news outlet Zurnal24 reported that Pop TV was being extorted by foreign hackers in what appears to be a ransomware-like attack.

Slovenia’s Computer Emergency Response Team, SI-CERT, issued a statement as well, confirming it was working with the TV station to deal with the attack, but refused to share any other details.

Over the past few years, several major TV stations have been hit by cyber-attacks, including the likes of France’s M6 (October 2019), The Weather Channel (April 2019), the Cox Media Group (June 2021), the Sinclair Broadcast Group in the US (October 2021), Portugal’s SIC (January 2021), and Iran’s IRIB (February 2021).

Excluding the IRIB incident, most of these were ransomware attacks that hit the stations’ backend IT infrastructure, causing broadcasts to go offline for hours while engineers worked to restore systems, meaning that Pop TV got off easier than most of the previous cases.