The Ministry of Economy and Labor in North Macedonia became the target of a cyberattack on September 12, 2024. The hack disrupted the ministry’s operations, leaving employees without access to the internet and official emails. The attack led to a significant network disruption, with only partial internet access available within the ministry’s building. The primary internet connection was severed, making it difficult for staff to carry out their day-to-day functions.
Details surrounding the nature and extent of the breach remain unclear, with the ministry withholding official information. It was reported that the ministry’s databases were locked, indicating a possible ransomware attack, though the exact data compromised has not been confirmed. The ministry has not disclosed whether any sensitive information from citizens or companies was affected by the breach. Despite the critical situation, the public was kept in the dark for three weeks, raising questions about transparency and the communication of such incidents to the public.
Unofficial sources indicate that the hack was related to an outdated server, which may have been vulnerable to attack. The IT department employees reportedly informed colleagues that the issue was a server malfunction, though it is suspected that the files were locked by ransomware. The hackers likely demanded a ransom in exchange for restoring access to the locked data. In response, the Ministry of Digital Transformation provided the ministry with a new server, and data migration from the most recent backup began. The process is expected to be completed by the following week, allowing the ministry to restore its operations.
This cyberattack adds to a growing list of high-profile cyber incidents affecting North Macedonia’s institutions, including the Health Insurance Fund and MEPSO, over the past year. The country still lacks an effective, rapid-response mechanism to handle cyber incidents. However, the government is in the process of introducing a new law on network and information systems security, which will establish a Computer Incident Response Center (CIRC) within the government. This initiative aims to improve the nation’s response to future cyber threats by incorporating IT experts from key institutions to address and mitigate such incidents swiftly.
