Thursday, 2 July 2026
Rīga TV

World and Latvian news in one place

LatviaPublished: 2 July 2026 at 14:37

PM: Hacker spent several days undetected in Latvian State Forests system

Prime Minister Andris Kulbergs revealed that a hacker entered the system of AS “Latvijas Valsts meži” on June 11 but only began active operations on the night of June 22-23, remaining unnoticed for days, highlighting shortcomings in cybersecurity monitoring.

Foto: BNN

After a cabinet meeting on cybersecurity Thursday, Prime Minister Andris Kulbergs told journalists that a hacker had infiltrated the system of Latvijas Valsts meži (LVM) as early as June 11, but only started real actions on the night of June 22-23. The intruder was able to operate undisturbed for several days because the system lacked identification tools to detect anomalies. Kulbergs described this as unacceptable.

The Prime Minister acknowledged that no one is immune to cyberattacks and that such incidents occur monthly. He is still determining specific responsibilities within LVM. A key issue is why LVM had not implemented the requirements of the National Cyber Security Law and how the company’s cybersecurity audit could have missed this.

Currently, LVM has recovered 85% of the compromised information. There is no threat to the state, but the data includes sensitive information whose status will be discussed at a separate meeting. The election system and the module LVM was working on were not affected.

Kulbergs noted a lack of a single coordinator nationwide, suggesting the Crisis Management Center should take that role. On the day he received news of the incident, he was abroad, so Defense Minister Raivis Melnis convened a meeting of responsible institutions on June 25. Melnis stressed that cybersecurity is the responsibility of every individual and organization.

The meeting agreed that public communication will be handled by LVM with support from Cert.lv and the Crisis Management Center. Incident response is being carried out by LVM together with Cert and other capable organizations. The Defense Ministry, along with partners, promised help in implementing business continuity plans. The Prime Minister will issue a resolution assigning duties to those responsible.

The cyberattack on LVM’s IT infrastructure was detected on June 22. For security reasons, external systems – LVM GEO, map services, and the Mednis hunting app – as well as several internal systems were shut down. A foreign ransomware group claimed responsibility. The State Police have initiated criminal proceedings, and Cert.lv is investigating the incident. Cybersecurity expert Elviss Strazdiņš contacted the group, which demanded a ransom of 0.1% of LVM’s annual revenue, i.e., over €600,000.

Comments

0/1500

Comments are automatically moderated. No hate, threats, personal data or spam.

Loading comments…

More in this category