CERT.lv found that the same cyberattacker who targeted Latvijas valsts meži (LVM) also accessed a server belonging to drug manufacturer Olpha, though the two incidents are not technically linked. Olpha contained the damage, but the investigation continues after unauthorized access, deleted evidence logs, and warning signs of active financially motivated threat groups in Latvia. #Olpha #CERTlv #Latvijasvalstsmeži
Information
- Victim: Olpha
- Website: olpha.eu
- Country: Latvia
- Date Reported: 2026-06-30
Keypoints
- CERT.lv discovered that the same cyberattacker involved in the Latvijas valsts meži (LVM) incident also accessed Olpha’s server.
- The Olpha and LVM incidents are not technically linked, according to CERT.lv.
- At least one Olpha information system was accessed without authorization.
- No data encryption was observed during the intrusion.
- Evidence logs were deleted during the incident.
- Olpha contained the damage, but analysis is still ongoing.
- CERT.lv warned that foreign financially motivated ransomware groups remain active in Latvia and published attack indicators to help organizations defend themselves.