Cyber Incident Victim: Autonome Provinz Bozen - Südtirol
Date:
Jun 2025
Location:
Italy
Summary
The Autonome Provinz Bozen - Südtirol suffered a cyberattack that disrupted telephone systems at the State Traffic Information Center, State Emergency Call Center, Fire Department headquarters and State Radio Service. Although emergency call lines remained accessible to the public, traffic reporting and infomobility services were affected and many processes had to be handled manually. A ransom note was left in the compromised systems but was not paid. Authorities identified and contained the intrusion, and recovery efforts are underway to restore full functionality.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On the evening of June 23, 2025, technical problems were first detected in the telephone systems of several provincial control centers. The affected systems included the State Traffic Information Center, the State Emergency Call Center, the headquarters of the Professional Fire Brigade, and the State Radio Service. The disruption primarily involved telephone systems or parts thereof, leading to impaired traffic reporting data and affected infomobility services. Despite the impairments, all emergency call centers remained accessible by phone and there were no restrictions on emergency calls for the public. A ransom demand was later placed in the contaminated facilities, which authorities confirmed had not been met. The initial detection prompted the deployment of the communications system to manage the situation. By the morning of June 24, the provincial authorities issued a press release describing the ongoing technical issues. The press release noted that the outage was impacting traffic reporting and infomobility services while emergency communications remained functional. Officials emphasized that the public should expect continued service for emergency calls despite the disruptions. The situation was monitored closely as investigations into the cause began.
Later on June 24, at a briefing held at 5:30 p.m., officials stated that the problem had been identified and completely contained. They reported that major damage had been prevented in the early stages by the immediate activation of appropriate procedures. Work to resolve the disruptions was ongoing around the clock, with additional staff deployed to the State Emergency Call Center to handle processes manually. By the afternoon, the traffic reporting and information mobility services at the State Traffic Information Center were reported to be functioning again. The ransom demand placed in the contaminated facilities remained unmet, and authorities continued to survey the extent of the impact. All official communications regarding the incident were being made through the designated provincial channel. The Governor and State Councilor for Civil Protection, Arno Kompatscher, had earlier confirmed that the system outage was caused by a cyberattack. Responsible authorities and the public prosecutor's office had been informed immediately after the detection. The Civil Protection Agency and the South Tyrolean Health Service committed to providing further information as the situation evolved. The public was asked for their understanding while the restoration efforts continued.