In an email the Scottish Parliament Chief Executive Sir Paul Grice told MSPs that the systems remain under threat.
“At this point there is no evidence to suggest that the attack has breached our defenses and our IT systems continue to be fully operational,” he said, but warned: “Users should be aware, however, that this attack remains ongoing.”
Grice added that it’s “not uncommon for brute-force attacks to be sustained over a period of days.”
A spokesperson for the the UK’s National Cyber Security Centre said: “The NCSC is aware of a cyber incident involving the Scottish Parliament and has been working with their digital security team.”
While the attack hasn’t penetrated the system, it has reportedly resulted in MSPs being locked out of their accounts as a security measure.
The parliament is currently on its summer recess and will not reconvene until September 3.
A similar attack targeted the email accounts of members of the UK’s Houses of Parliament in June, while in May Britain’s National Health Service (NHS) was one of the most high-profile victims of the WannaCry ransomware attack which hit more than 230,000 computers in more than 150 countries around the world.
Parts of the NHS were forced to run on an emergency-only basis during the attack.