Expert: Hacker Used Seven-Year-Old Vulnerability in LVM Cyberattack
Cybersecurity expert Elvis Strazdiņš revealed that the attacker breached Latvia's state forest company servers using a long-unpatched software vulnerability and is demanding a ransom.
/nginx/o/2026/06/26/17744470t1h7a40.jpg)
In a cyberattack on AS "Latvijas valsts meži" (LVM), the hacker exploited a software vulnerability that had remained unpatched for seven years, cybersecurity expert Elvis Strazdiņš told Latvian Television's program "Panorāma".
Strazdiņš explained that the attacker began with a vulnerability in the "GEO" system. Although most servers had the latest version, one server was not updated, providing an entry point. The expert also noted that the hacker left malware, encrypted all data, and deleted backups.
He further stated that the hacker is demanding a ransom, leaving contact details on "Signal" and other platforms. The expert suggested that the attacker might try to sell the stolen information to countries unfriendly to Latvia.
The cybersecurity institution "Cert.lv" confirmed that a foreign financially motivated ransomware group claimed responsibility, having carried out similar attacks against other countries' companies and institutions.
"Cert.lv" continues to assist LVM in investigating and mitigating the incident. It is analyzing leaked data and warning potential targets. LVM's IT team is gradually restoring internal systems, but external services, including "LVM GEO", map services, and the hunting app "Mednis", remain offline.
LVM has filed a report with the State Police regarding the incident.
/nginx/o/2026/06/04/17688211t1hca6d.jpg)
