Cyber Incident Victim: Luxembourg Government
Date:
Jan 2025
Location:
Luxembourg
Summary
Several Luxembourg government websites, including MyGuichet and LuxTrust, experienced temporary inaccessibility due to a distributed denial-of-service (DDoS) attack that disrupted services for approximately two hours. This incident follows a pattern of recent cyberattacks targeting the country's online infrastructure, including a prolonged two-week disruption earlier affecting multiple ministries and agencies where pro-Russian hackers claimed responsibility via Telegram. Authorities confirmed the latest attack but have not disclosed attribution details, maintaining that previous incidents were unrelated to geopolitical positions. The disruption highlights an ongoing trend of increased cyber threats against public sector entities, mirroring broader regional surges in such attacks.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On January 10, 2025, multiple Luxembourg government websites experienced a Distributed Denial-of-Service (DDoS) attack that disrupted public access to critical online services. The State Information Technology Centre (CTIE) confirmed the incident began around 13:00 local time, rendering platforms including MyGuichet and LuxTrust inaccessible for approximately two hours. Attackers overwhelmed servers with automated traffic requests, preventing legitimate user access. CTIE restored functionality to all affected systems by 15:00 but disclosed no immediate details regarding attack origins or responsible parties. This marked the latest in a series of cyber incidents targeting Luxembourg’s digital infrastructure, following similar disruptions in October 2024 and a major sustained attack during spring 2024. Technical teams monitored systems continuously but did not publicly identify defensive measures taken during the January outage. Service restoration occurred without reported data breaches or secondary compromises of government networks.
The spring 2024 attack referenced by officials spanned two weeks between March and April, impacting high-profile entities including the ministries of finance and justice, national statistics agency Statec, and health fund CNS. Pro-Russian hacker groups claimed responsibility for that campaign via Telegram, framing it as a coordinated effort with allied cyber collectives. Luxembourg’s government rejected assertions linking the attack to its geopolitical stance on Ukraine while declining to formally attribute the incident. Cybersecurity firm Check Point reported an 82% year-over-year increase in global cyberattacks during Q3 2024, with financial institutions experiencing 723 weekly attacks per organization on average—contextualizing the recurring threats to Luxembourg’s systems. No ransomware demands, data exfiltration, or collateral damage to private sector systems were reported in connection with the January 2025 DDoS event.