ATHENS – A cyberattack that shut down high school exams and was said the biggest ever in the country has led Greece’s Supreme Court Public Prosecutor Isidoros Dogiakos to order an investigation of how it happened.

The Police Cyber Crime Unit will assist, said Balkan Insight, after criticism that the state wasn’t prepared despite a series of other breaches and attacks against other government institutions.

Athens is also home to the European Union’s cybersecurity agency ENISA but it wasn’t said if it would be approached for assistance or have any role nor what line of defenses were in place before the attack.

The end-of-year exams were disrupted for two days over the tech assault on the data bank providing the questions, causing delays, cancellation of exams, and chaos among teachers and students, the news site said.

https://balkaninsight.com/2023/05/31/greece-prosecutor-calls-a-probe-into-a-school-exam-cyber-attack/

It came as Greece is temporarily being governed by a caretaker administration leading up to a second round of elections on June 25, but the previous ruling New Democracy was blamed by the major opposition SYRIZA for not having cyber defenses in place.

The caretaker Ministries of Education and Religious Affairs and Digital Governance said the school exams platform received large-scale and long-lasting distributed denial-of-service, DDoS, attacks (up to 280,000 connections per second) which can shut down systems.

“The exam bank platform received 165 million hits from 114 countries. It is the most significant attack ever made on a Greek public government organization,” the ministries said, adding that the DDoS attack is not a breach of the system, nor are they able to gain access to its components and data.

Caretaker Prime Minister Ioannis Sarmas’ office said the attacks were powerful and sophisticated but were successfully deflected, at odds with reports of long delays and disruptions.

The statement said that the state’s organisational and operational capabilities could activate whatever defence is necessary to manage future cyber-attacks without explaining why it didn’t in the case of the attacks.

In March 2022, hackers used ransomware and brought down the Greek Post Office’s computer systems. On January 17, two hospitals in the Attika region, Sotiria, and Asklipieio Voulas,  were hit by cyberblackmailers using ransomware, asking to be paid before unlocking the systems.