Cyber Incident Victim: Radio FM1
Date:
Mar 2023
Location:
Switzerland
Summary
A cyberattack targeting CH Media's servers disrupted technical operations at Radio FM1, forcing employees to halt affected computers and switch to remote work. During a prolonged on-air shift, a moderator improvised by manually playing available tracks after systems failed, later receiving music files via email from colleagues as workarounds continued. Listeners provided morale support and sent food to the studio during the outage. The station relocated afternoon programming to a backup facility in Zurich while recovery efforts remained ongoing, with widespread service interruptions across multiple CH Media locations.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On the morning of March 24, 2023, Swiss private radio station FM1 experienced a severe disruption during its broadcast due to a large-scale cyberattack targeting CH Media's infrastructure. Moderator Katerina Mistakidis recognized technical anomalies shortly after initiating her Friday morning program when critical systems abruptly ceased functioning. The station's primary servers were rendered inoperable by the attack, forcing Mistakidis to improvise her seven-hour marathon broadcast without standard production tools. CH Media instituted an immediate containment protocol that prohibited employees from restarting computers across multiple affected locations, prompting significant operational changes including widespread shifts to remote work. With music playback systems disabled, Mistakidis initially resorted to extended spoken commentary until technical staff manually loaded emergency backup music loops from secondary systems. This temporary solution allowed limited musical interludes between segments but proved unstable as technical complications persisted throughout the morning broadcast window. The disruption expanded beyond FM1, impacting numerous CH Media properties and revealing systemic vulnerabilities across the organization's networked infrastructure.
FM1's programming team implemented adaptive measures to sustain broadcast continuity amid the ongoing crisis. Music editors transmitted requested audio files directly to the studio via email when pre-loaded tracks were exhausted, enabling Mistakidis to manually queue songs through alternate playback methods. Listeners actively supported the improvised broadcast, sending motivational messages and surprise deliveries including a prosciutto pizza and Swiss pastries to sustain the crew. The station partially restored operations that afternoon by relocating to backup facilities in Zurich, though CH Media provided no definitive timeline for full system restoration. Technical teams remained engaged in damage assessment and containment efforts throughout the incident, with no public confirmation of whether ransomware or data exfiltration occurred. The cyberattack demonstrated tangible impacts on live broadcasting capabilities while highlighting FM1's reliance on listener engagement to overcome critical infrastructure failures.