New details emerge about cyberattack on Foreign Ministry
The cyberattack on Slovenia's Ministry of Foreign and European Affairs of which the public was officially informed on 7 April had been in progress at least since March 2022 when the previous government was still in office, new media reports have revealed. China is believed to have been behind the attack.
The cyberattack was on the agenda of the parliamentary Foreign Policy Committee as it met behind closed doors on 26 April at the behest of Anže Logar, an MP for the opposition Democrats (SDS), who served as foreign minister in the previous government, led by Janez Janša.
Reports run by the news portals 24ur.com and N1 on the same day allege that the attack had been in progress at least since March 2022 when Logar was still in office. They suggest it could be linked to Janša's statements about Taiwan.
Earlier this month, 24ur.com reported that the attack had been perpetrated by Chinese hackers, who were only interested in documents related to China and Slovenia's policies on China. Citing unofficial sources, the portal identified Vixen Panda, a well-known Chinese hacker group, as the most likely attacker.
Quizzed by Logar at the 12 April session of the Foreign Policy Committee, Foreign Ministry State Secretary Samuel Žbogar said he could not confirm the report about alleged Chinese involvement in the cyberattack. He said the investigation of the background was still ongoing.
Logar pressed Žbogar about why a session of the National Security Council had not been called yet and wanted to know whether the Chinese ambassador had been summoned.
The state secretary said the ministry had not spoken to the Chinese ambassador for now because "there has been no confirmation about which country is behind the attack". He said sessions of the Foreign Policy Committee and the National Security Council were to be convened as soon as the report on the attack was ready.
Earlier, Foreign Minister Tanja Fajon said the attack had been launched from a third country, and appeared to "have been going on for quite some time". She said most EU member states had been targetted.
Fajon attended the most recent session of the Foreign Policy Committee on the issue, but no statement was scheduled after the session, and neither Fajon nor Logar would talk to the press as they were leaving the meeting.
Meanwhile, 24ur.com reported that investigators found a recording on the server of the Public Administration Ministry suggesting that the attack had been in progress at least since March last year.
The start of the Chinese cyberattack can be traced back to January 2022, when Janša, the prime minister at the time, gave statements implying that Slovenia was planning to forge closer ties with Taiwan, 24ur.com said.
Janša told the Indian broadcaster Doordarshan that Slovenia was in talks with Taiwan about diplomatic representation. He was also critical of China's response to Lithuania's decision to open a diplomatic mission in Taipei and allow a Taiwanese mission in Vilnius.
N1 reports the findings from the investigation report are not yet known. It says, however, that the Foreign Ministry should have set up better cybersecurity measures in October 2021. The ministry was completely unprepared, 24ur.com says about the cyberattack, which is being investigated by the relevant inspectorate.
The news portal says the inspectorate has found the situation disastrous, with a number of flaws, similar to what was found after last year's cyberattack on the Administration for Civil Protection and Disaster Relief.
The latter was attacked by Chinese ransomware, far less serious than the attack by the Chinese Vixen Panda (APT15) that targetted the Foreign Ministry, 24ur.com also said.
According to N1, the hackers were linked to China and had access to data on the Foreign Ministry's servers and Slovenia's diplomatic network for months, including to dispatches sent through internal channels.