Top 10 Cybersecurity Breaches in Austria

In our continuing series on top cybersecurity breaches in individual nations, this time we focus on Austria, where the parliament website and the country's foreign ministry have come under malicious attacks. Also, in a bizarre case, a young hacker offered the registration data of virtually all Austrian citizens for sale!

The website of the Austrian parliament (Österreichisches Parlament) was upended for 20 minutes over the weekend of February 7-8, 2017 in a distributed denial-of-service (DDoS) attack. The country's interior ministry (BMI) claimed no data had been lost. Meanwhile, Aslan Neferler Tim (ANT) or "Lion Soldiers Team," a Turkish nationalist hacker group, claimed on Facebook that it carried out the attack. Austria's opposition to Turkey's EU membership has strained relations between the two states. In the past, ANT hackers have gone after perceived adversaries of the present Turkish government, including the pro-Kurdish Peoples' Democratic Party (HDP), the Austrian central bank (Oesterreichische Nationalbank), and an Austrian airport.

In May 2022, up to 3,000 systems in the Austrian federal state of Carinthia (Kärnten) responsible for processing passports, traffic fines, and Covid-19 tracing were taken offline in a major cyberattack. Using stolen credentials obtained via phishing attacks, the hackers breached the systems and encrypted data before demanding $5 million in ransom money. The criminals threatened to leak the data if the ransom demand wasn't met, but the state government was in no mood to placate the hackers. The hack has been attributed to the infamous BlackCat (aka ALPHV) ransomware group, itself a regrouping of DarkSide/BlackMatter cyber gangs associated with the attack on the Colonial Pipeline system in the US in May 2021.

Hackers conned the finance department of FACC, an aerospace parts supplier to clients like Airbus and Boeing, of $54.5 million in January 2016. Based on a spoofed email, seemingly from CEO Walter Stephan, an employee transferred the whopping sum to an overseas account! The company, whose majority owner is China's AVIC aviation group, said its production and engineering operations were not impacted by the breach, but stocks dropped 17%. The CEO of more than 17 years was immediately fired, and the company managed to recover $10.8 million from the criminals.

In early January 2020, Austria's Green Party (Die Grünen) decided to back the right-wing People's Party (Österreichische Volkspartei ), winner of the national elections, in a coalition government. The day the coalition deal was announced, the country's Ministry of Foreign Affairs (BMEIA) was the subject of a serious hack, prompting many to dub the attack as a politically motivated one. The hack started on the night of January 4, 2020, and went on for several days. The ministry described the incident as a "targeted attack by a state actor." The ministry said it had taken countermeasures promptly, adding "there is never 100 percent protection against cyberattacks."

In August 2017, a malware researcher based in Slovakia came upon a phishing scam targeting customers of Raiffeisen Bank. The deceptive operation gets customers to part with their usernames and passwords on a website that convincingly mimics the legitimate Raiffeisen Bank site. Next, the user is redirected to another webpage and prompted to download what looks very much like a Raiffeisen Bank security app, but is in reality a malicious software. The good part is that hardly 40 people had downloaded the malware by the time it was exposed.

With the proliferation of IoT devices, a determined hacker can get a foothold in an enterprise network via interconnected doors. The four-star Seehotel in Austria's Alps realized it the hard way after being hacked no less than four times between December 2016 and January 2017. It all started after the hotel's director clicked on what he thought was a link to his telecom bill, thus unwittingly allowing the concealed ransomware to execute. The hackers encrypted the hotel's electronic door keys and locked access to computers, eventually stealing 10 GB of data. The hotel reportedly shelled out nearly $1,900 in bitcoin to the hackers in ransom payment.

Austria's largest ISP, A1 Telekom, acknowledged in November 2019 that malware had infected its office, but the telecom was emphatic that its IT system, at large, was not at risk. A1 Telekom claimed to have detected the malware in December 2019, though it succeeded in flushing them out only in May 2020. In June 2020, the ISP said the attackers compromised some databases, adding that the criminals didn't succeed in stealing sensitive customer data because, as outsiders, they couldn't make sense of data relationships. However, a whistleblower claimed in June 2020 that the intruders had, in fact, downloaded massive amounts of customer data.

A 25-year-old hacker was arrested from an Amsterdam apartment in November 2022 after putting up personal data of almost every Austrian for sale on an online forum in May 2020. Police assume the data has irrecoverably passed into the hands of criminals. The Dutch hacker had exfiltrated the full name, gender, complete address, and birth date of presumably every citizen in Austria from the registration database that people typically fill in. The Central European country has a population of 9.1 million people, and there are 9 million sets of data in the hacker's data hoard, so the math adds up.

In January 2019, an investigative website reported that Austrian Post (Österreichische Post) was selling data on nearly 3 million of its customers to marketing companies and even political parties. The publicly owned postal service had sold names, addresses, age, and gender of people who send mail. Austrian Post staff even made well-informed guesses about customers' political allegiance and traded the data with political parties looking out for new members. In October 2019, Austrian Post was hit with a $20 million fine by the Austrian Data Protection Authority (Datenschutzbehörde) for collecting and selling data on customers' political preferences, and, by so doing, violating privacy regulations.

In July 2022, Microsoft called out Austria-based DSIRF as a "private sector offensive actor" linked to the development of a malicious tool set called Subzero. Using Subzero, the Austrian outfit has carried out hack-for-hire operations on law firms, banks, and strategic consultancies in the country, including on behalf of overseas clients. The target networks were breached via zero-day bugs in Windows and Adobe Reader. Subzero is a potent cyber weapon capable of automatically exfiltrating data from phones, computers, and Internet-connected devices, and targets observed to data include ones in Europe and South America, besides those in Austria.

Thanks for your time, and we'll be back with more cybersecurity updates. Meanwhile, you can address your queries and concerns about your organization's cybersecurity posture to our Cyberlands team.