No Law Enforcement Information or Austrian Personal Data Compromised, Officials Say

The Austrian government said attackers breached 100 government email accounts and stole data.
Austria’s Ministry of the Interior, known as the BMI, said the breach traced to a “targeted and professional cyberattack” against it, perpetrated several weeks ago.
The BMI, which is chiefly responsible for safeguarding the country’s public security, said its IT operations unit “detected signs of irregularities in one of the ministry’s office IT systems,” which it has been investigating, and recently determined that these irregularities traced to a hack attack and the theft of an unspecified type and quantity of data.
The ministry said it disconnected relevant ministry systems from the internet on Saturday “to conduct a comprehensive and complete cleanup and secure the systems,” and that backup communication measures are in place inside the BMI as well as with law enforcement agencies.
Investigators said they have now confirmed that attackers gained unauthorized access to the BMI’s mail server. Out of approximately 60,000 email accounts, attackers breached about 100. The ministry said it has notified all of the affected accountholders.
In a Saturday press briefing, Austrian Interior Minister Gerhard Karner said the attack exposed no Austrian’s personal data. He said a full investigation, being led by the Austrian Federal Criminal Police Office’s cybercrime center and also involving the public prosecutor’s office, is now underway.
The BMI also said the hack attack didn’t affect police operations or expose any law enforcement data.
“Our security experts are currently conducting extensive investigations, particularly with regard to attack vectors,” the ministry said, adding that some services will continue to be disrupted, pending restoration efforts.
Government officials have yet to attribute the attack to any hacking group or nation-state, and haven’t detailed what mail system the BMI uses.
Last month, Jen Easterly, the former director of the U.S. Cybersecurity and Infrastructure Security Agency, told Information Security Media Group that the “big four” – China, Russia, Iran and North Korea – continue to pose the biggest cyberthreat to the West.
Many attacks that target government email accounts have involved hackers – oftentimes tied to Beijing – infiltrating Microsoft Exchange Server software running on-premises as well as in the cloud, sometimes using zero-day vulnerabilities (see: Microsoft Warns of Hybrid Exchange Deployment Flaw).
News of the breach of Austrian government email accounts comes just days after the Five Eyes intelligence alliance and cyber agencies in Europe and Japan warned that global espionage campaigns linked to the Chinese state-backed group Salt Typhoon breached telecommunications firms in 80 different countries. The group regularly exploits telecom and critical infrastructure networks through vulnerabilities in edge devices (see: Chinese Telecom Hackers Strike Worldwide).
Dutch military intelligence on Thursday said Salt Typhoon in late 2024 compromised multiple internet service and hosting providers in the Netherlands as part of a “large-scale Chinese cyberespionage campaign.”
In addition to Chinese groups, Western cyber agencies have also reported seeing a surge in cyber operations tied to Russian state-backed hackers linked to Moscow’s war of aggression against Ukraine (see: France Says Russia Is Top Threat, Warns of ‘Open Warfare’).