Filenews 15 October 2025 - by Fanis Makridis
The hacker strike on the "Thalis" system of the Cyprus Post is greatly underestimated by competent state services.
Although what emerges from official information is that there are no indications of leakage of the content of classified documents, only data on their movement, nevertheless the Police, through its competent department, have taken action. The issue also concerned the Digital Security Authority (DSA).
We are informed that on Monday there was contact between the two aforementioned services. Specifically, the Police reportedly contacted an official of the Digital Security Authority on Monday.
A competent department of the police force is already making efforts to identify traces of the origin of the blow by evaluating data uploaded to the dark web. It should be noted that the Cyprus Post is not considered a critical infrastructure, while after the strike no complaint was duly made to the Police.
The action taken by the Police on the issue that arose is also inferred from what the spokesperson of the police force, Kyriaki Lambrianidou, said, in response to questions from "F".
Ms. Lambrianidou stated that "from the first moment we became aware of the allegation that classified documents of services of the Republic may have been leaked to the 'dark web', we contacted the Digital Security Authority (DSA) and requested relevant information to investigate the commission of possible offenses, but also in order to take preventive measures."
The Police spokeswoman added: "The Cybercrime Sub-Directorate is making efforts to prevent the leak of documents, while also investigating the allegations of their leak."
Giorgos Michailidis
There was also a mobilization by the Digital Security Authority, according to statements made to our newspaper by the Commissioner for Communications, Giorgos Michailidis.
Answering questions from "F", although sparing in his positions, he stated the following: "When we became aware of the fact, although the Cyprus Post is not considered a critical infrastructure of the Republic, there was our involvement."
The leaks
The blow to the Cyprus Post was felt by posts by the hacker on the "dark web", who put up for sale data obtained through the cyberattack.
The Cyprus Post had announced since September 30 that the "THALIS system is out of order for security reasons". The relevant information explained that "due to this fact, items subject to customs control cannot be delivered by the Post Offices".
However, the issue only took on dimensions in the previous 24 hours from publications of English-language websites analyzing cyberattacks.
The hacker in this case put up for sale and advertises that he has at his disposal lists of e-mails of official officials, statements with financial data, official e-mail and details for sending parcels. All the data concern, as he claims, the Presidency of the Republic, Embassies, the Police and the Central Prisons.
The website Dark Net Search notes, among other things, in a related report: "On October 3, 2025, a hacker known by the pseudonym ByteToBreach announced on the Dread forum that he had extracted thousands of documents from the Thalis system (https://thalisadmin.cypruspost.post). The leaked files reportedly include parcels, invoices, police communications, embassy correspondence and even shipments to the Presidential Palace. According to the post, the messages were found to come from agencies in England, Luxembourg, Poland and other EU countries, which demonstrates the international dimension of the incident."
Alert
Although the position is put forward by Cypriot government services that what the hacker secured is correspondence data and not the content of classified documents, however, as we are in a position to know, the issue is not underestimated. This is because even if what was leaked includes data on the movement of documents, nevertheless information is drawn from this data alone that may even be characterized as sensitive.
In addition, competent departments/services of the Republic are on alert due to developments related to politics and other international developments. As an expert told "F", the coming months do not allow for relaxation on cybersecurity issues, referring us to the Cypriot Presidency of the Council of the European Union (1/1/2026 – 30/6/2026).
"Photographs of objects"
The Cyprus Post claims that the contents of classified correspondence have not been leaked. The statements made yesterday by the director of the post office, Pavlos Pavlidis, on an information show (SIGMA): "The hacker gained access to one of the post office's systems. With the investigation we have done so far, it seems that he took some photos from the system's screens, which have been leaked to the internet and in which some entries related to objects can be seen. Also, there are some photos of objects and some photos of the internal statements of the cash receipts of some offices."
Government "black out" for five hours: An overhead cable of a provider was cut
- Scenario of a controlled shutdown to improve security systems has been refuted
Yesterday's five-hour "blackout" in government service systems is not linked to any cybersecurity issue, according to competent officials.
Based on official positions from the Deputy Ministry of Research and Innovation, the problem arose when a passing truck cut an overhead cable of a telecommunications provider.
The long "black out" had side effects for government employees, but also for citizens. Public officials did not have access to local networks, that is, they did not have internet access and could not send official messages via e-mails. At the same time, citizens could not access specific government online platforms. The problem was gradually restored.
Yesterday, however, and before official statements were made about the "black out", a scenario was developed about the connection of the interruption with possible processes for upgrading security systems, due to the previous blow to the "Thalis" system of the Cyprus Post. However, the scenario was ruled out after the official positions that were made.
It should be noted that the Commissioner for Communication, Giorgos Michailidis, speaking to "F", said that no information had been taken into account to show that yesterday's incident is related to any cybersecurity issue
