E-mail:
Password:
Free guest access

Send a comment to editor

Hacker behind cyberattack on LVM also compromised pharmaceutical company Olpha's server - Cert.lv
Your name:
E-mail:
Comment:
Security Code:
To refresh the security code, click on it
Enter the code here:
    News

    Hacker behind cyberattack on LVM also compromised pharmaceutical company Olpha's server - Cert.lv

    RIGA, July 3 (LETA) - The hacker behind a cyberattack on state forest manager Latvijas Valsts Mezi (LVM) also compromised pharmaceutical company Olpha's server, cyber incident response institution Cert.lv informed LETA.

    Cert.lv notes that during an analysis of the LVM incident, it was determined that the hacker had also compromised Olpha's server. However, the two incidents are technically unrelated and occurred independently of one another, said Cert.lv.

    Cert.lv has launched an investigation into the incident, which has revealed unauthorized access to at least one Olpha information system, a server, though the data were not encrypted.

    Olpha has contained the incident, only one server has been affected, and the company has not yet identified any additional damage resulting from the incident. In cooperation with the company, the analysis of this incident is still ongoing, said Cert.lv.

    Cyberspace monitoring data compiled by Cert.lv indicate that a foreign, financially motivated ransomware group responsible for the attack continues its activities in Latvia's cyberspace.

    Cert.lv notes that the ransomware group is actively searching for new potential vulnerabilities in the infrastructure of public and private sector organizations.

    To help organizations identify potential threats in a timely manner, Cert.lv has published indicators of the hacker's network infrastructure identified in the LVM incident. This information may be further updated.

    Cert.lv advises organizations, particularly entities subject to the National Cybersecurity Law and critical infrastructure operators who do not yet use Cert.lv services, to use this information to monitor their networks.

    At the same time, following the LVM cybersecurity incident, Cert.lv has also compiled and published recommendations for strengthening infrastructure cybersecurity resilience. The goal is to help institutions and organizations mitigate the risk of cyberattacks and improve their ability to detect and prevent threats in a timely manner.

    Indicators of the hacker's infrastructure network and the recommendations compiled by Cert.lv are available at https://cert.lv/lv/2026/07/cert-lv-recommendations-for-improving-cybersecurity-resilience-against-cyberattacks.

    As reported, the hacker has leaked 44 gigabytes of data obtained during a cyberattack on LVM, but the total amount of data potentially obtained in the attack is most likely greater, Cert.lv told on Wednesday.

    The institution noted that the majority of the leaked information consists of internal documents, email correspondence and attachments, LVM’s business information technology (IT) project code repository, certificates and keys for various systems, as well as user passwords and the hash values of those passwords.

    By analyzing the leaked data, Cert.lv is compiling information on potential threats to third parties, whom it is immediately notifying of the need to change their authentication credentials and take other preventive measures. In addition, all certificates and keys found in the leak are systematically identified, and a renewal process is organized, explained Cert.lv.

    The insitutions emphasized that, during the recovery process following such an incident, all access and authentication credentials for the affected infrastructure must be changed.

    Cert.lv also noted that, given the possibility that personal data may have been compromised in the breach, the company has also contacted the State Data Inspectorate (DVI).

    Previously, LVM indicated that any potential data leak resulting from the cyberattack targeting LVM’s IT systems was halted on June 22 at 8:30 a.m., when the company sequentially shut down its entire IT infrastructure.

    As the company explains, Cert.lv was notified of the cyberattack at the same time. Following Cert.lv's recommendations, LVM’s IT infrastructure was completely cut off from the internet; these measures were implemented on the morning of June 22 and remained in effect until 10:15 a.m.

    After the cyberattack was halted, LVM’s IT specialists have been working in emergency mode-both during the holidays and currently-to restore the operation of all IT systems. Since the attack was detected, working in close cooperation with Cert.lv, no new data breaches have been identified, according to LVM.

    • Published: 03.07.2026 14:16
    • Madara Sidorčenko, LETA
    •  
    • © Without the prior written consent of LETA, any republication of this news text, in whole or in part, or any other use thereof in mass media or on internet websites, is strictly prohibited. Furthermore, the reproduction of lawfully accessible works for the purposes of text and data mining, within the meaning of the Copyright Law, is prohibited.
    • All
    • News
    • Press Releases
    • Photo

    SIGN UP TO RECEIVE NEWS BY E-MAIL

    Advertisements

    LETA projects