Cyber Incident Victim: Österreichische Volkspartei

On September 23, 2024, the Austrian People's Party (ÖVP) experienced a distributed denial-of-service (DDoS) cyberattack targeting its digital infrastructure. The federal party and its Tyrolean state branch (Tiroler Landespartei) confirmed the incident following APA inquiries, characterizing it as an attempt to overwhelm their network resources and disrupt operations. Attackers simultaneously targeted the Social Democratic Party of Austria (SPÖ), whose website became intermittently inaccessible according to the party's X (formerly Twitter) communications. The Tyrolean ÖVP's homepage was temporarily offline during the attack, though officials emphasized no data exfiltration occurred. Technical disruptions extended beyond these confirmed cases, with at least one additional ÖVP state party website experiencing prolonged downtime, suggesting broader targeting across the party's regional infrastructure.

ÖVP and SPÖ IT teams implemented immediate countermeasures to mitigate the attacks. The ÖVP successfully repelled the DDoS attempt, preventing sustained operational disruption at the federal level. Tyrolean ÖVP State Manager Florian Klotz reported continuous coordination with their IT service provider to fully restore website functionality, noting teams worked "with high pressure" to resolve residual technical issues. Service restoration timelines varied across affected entities, with some regional party sites requiring extended recovery efforts. The SPÖ restored website accessibility after temporary outages but did not disclose technical remediation details. Consequences included intermittent public unavailability of critical political communication platforms during an active election period, though no operational or data compromise impacts were verified by either party.