Cyber Incident Victim: Communist Party of Austria
Date:
Sep 2024
Location:
Austria
Summary
Cyberattacks disrupted multiple Austrian political parties' websites through distributed denial-of-service (DDoS) incidents around election day, affecting federal and state-level online presences of the Communist Party of Austria (KPÖ), ÖVP, and Neos. The attacks caused significant outages, including approximately half of Neos' sites becoming inaccessible, marking a recurrence of similar disruptions experienced by ÖVP, SPÖ, and KPÖ the prior week. While the incidents impaired party communications, authorities confirmed no threat to the actual election proceedings.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On September 29, 2024, during Austria’s Nationalratswahl (National Council election), multiple Austrian political parties experienced distributed denial-of-service (DDoS) attacks targeting their websites. The attacks affected federal and state-level online presences of the ÖVP (Austrian People’s Party), Neos (The New Austria), and the Communist Party of Austria (KPÖ). This incident occurred exactly one week after similar DDoS disruptions had temporarily disabled the websites of the ÖVP, SPÖ (Social Democratic Party), and KPÖ. The attackers remained unidentified, and their methods involved overwhelming the targeted sites with traffic to render them inaccessible. At Neos, approximately half of the party’s webpages were forced offline during the attack. Party representatives publicly confirmed the disruptions on election day, though the scale of downtime for the ÖVP and KPÖ was not quantified in available reports. The timing coincided with critical election-day operations, though authorities emphasized the attacks did not compromise the integrity of the voting process itself.
The primary impact was operational disruption, limiting parties’ ability to disseminate real-time election information or communicate with voters via their web platforms. No data breaches, defacements, or secondary attack vectors were reported, indicating a focus on temporary service disruption rather than data theft or system infiltration. The affected organizations did not disclose technical details about mitigation efforts, network resilience, or whether protective measures implemented after the prior week’s attacks had been adjusted. Similarly, no attribution claims or threat actor motivations were revealed in initial statements. The repetition of attacks within a week highlighted persistent vulnerabilities in the parties’ digital infrastructure, though electoral authorities reiterated that core voting systems remained isolated from these disruptions. Confirmation of the incidents came directly from the targeted parties, with no immediate reports of collateral damage to third-party services or voter-facing election infrastructure.