Security Awareness Advocate On Austria’s Foreign Ministry Targeted By ‘Serious’ Cyber Attack

By   ISBuzz Team
Writer , Information Security Buzz | Jan 06, 2020 03:59 am PST

Austria’s foreign ministry has been targeted by a cyber-attack that is suspected to have been conducted by another country.

The ministry said the seriousness of the attack suggested it might have been carried out by a “state actor”. The hack started on Saturday night and experts warn it could continue for several days.

A Russian group called Fancy Bear was suspected to have been involved and was blamed for a similar attack on the German parliament in 2015.

The full story can be found here:

Notify of
2 Expert Comments
Oldest Most Voted
Inline Feedbacks
View all comments
Hugo Van den Toorn
Hugo Van den Toorn , Manager, Offensive Security
January 6, 2020 12:05 pm

It is true that despite the precautions taken and all the controls in place, a motivated attacker can always find a way through an organisation’s defences. Although we see an increase in politically motivated attacks over the past few years, we should remain vigilant in blaming certain threat actors or nation-states. As we also see that attribution remains difficult with cyber-attacks, past attacks learn that adversaries will attempt to make their attacks look like other actors in an attempt to avoid taking the blame or to provoke conflicting parties.

Last edited 4 years ago by Hugo Van den Toorn
Javvad Malik
Javvad Malik , Security Awareness Advocate
January 6, 2020 12:02 pm

There\’s little information available at the moment as to the type and nature of cyber attack against the Austrian foreign ministry. However, Fancy bear, also known as Sofacy or APT28, has been operational for over a decade and typically targets political targets through phishing emails and credential harvesting through spoofed websites.

Once successful in its phishing attack, the group usually leverages droppers to install malware and maintain access.

The best defence against such attacks is to have an aware and engaged workforce that can identify and report any suspected phishing emails or spoofed sites which ask for credentials. Organisations can also implement measures such as multi factor authentication to prevent criminals from gaining access even if they have compromised the password.

Last edited 4 years ago by Javvad Malik

Recent Posts

Would love your thoughts, please comment.x