Friday, 3 July 2026
Rīga TV

Technology | Published: 3 July 2026 at 01:37

Cyberattack on Latvijas valsts meži: no evidence of election interference

Despite conspiracy theories on social media, the cyberattack on Latvijas valsts meži was not aimed at influencing the upcoming Saeima elections; the perpetrator is a financially motivated ransomware group.

Photo: Apollo.lv

A cybersecurity incident detected in late June in the IT infrastructure of AS "Latvijas valsts meži" (LVM) has sparked public debate. Alongside official information, unfounded assumptions circulated on social media, including claims that the attack targeted the upcoming Saeima elections. These allegations have not been confirmed.

Timeline of events

LVM confirmed the incident was discovered over the weekend, and on June 22 at 8:30 AM, the company proactively shut down all IT infrastructure to limit potential data leaks. The national cybersecurity incident response institution "Cert.lv" was notified, and by 10:15 AM, internet access was fully blocked. Several external systems, including "LVM GEO" and the hunting app "Mednis," were temporarily unavailable. Baiba Kaškina, head of "Cert.lv," stated that undamaged backup copies are available for system restoration. On July 1, the attacker leaked 44 gigabytes of data, but the total volume may be larger. A foreign, financially motivated ransomware group that has previously conducted similar attacks in other countries claimed responsibility.

Police investigation

LVM filed a report with the State Police, which launched a criminal investigation. The police are also examining the actions of an individual unrelated to the incident. Cybersecurity expert Elviss Strazdiņš publicly stated he contacted the attacker and learned the ransom demand – approximately 0.1% of LVM's annual revenue, or more than €600,000. The State Police emphasized that these actions were not coordinated with any of the institutions involved in the investigation.

Voter registry secure

Minister of Smart Administration and Regional Development Edgars Tavars noted that the electronic voter registry (ETVR), whose development involved LVM, was handed over to the state before the incident and was not compromised. "Cert.lv" stressed that the election system infrastructure is entirely separate from LVM's infrastructure. The relevant technical solutions have already been transferred to the State Digital Development Agency and will undergo an independent security audit.

Debunking misinformation

Claims on social media that the attack aimed to influence elections have not been substantiated. Baiba Kaškina stated that the attacker's modus operandi indicates financial motivation – profit and attention, not political interference. The group has conducted over 200 attacks across various countries. Cybersecurity expert Elviss Strazdiņš also confirmed the financial motive, suggesting that data could be sold abroad. Following the incident, Prime Minister Andris Kulbergs ordered all ministries to report on their cybersecurity measures.
