
Cyber Incident Victim: European Southern Observatory

Date: May 2024

Location: Germany

Summary

A cybersecurity incident affected network and communication services, prompting a shutdown for critical software upgrades and a restriction on communications to protect mitigation efforts. Email and website services were restored, while archives remain pending reactivation as systems undergo malware detection and removal by internal IT teams collaborating with external consultants. Observations and telescope construction operations continued unaffected due to isolated network infrastructure, and stakeholders are to be notified if evidence shows their information was compromised.

Description

On 17 May 2024, the European Southern Observatory (ESO) initiated a shutdown of multiple network and communication services to deploy a critical software upgrade addressing a cybersecurity incident. The organization restricted internal and external communications about the event to prevent interference with its response strategy. This proactive containment measure disrupted standard operational workflows, though ESO prioritized system integrity over service continuity during the initial phase. The IT team collaborated with external cybersecurity consultants to identify and eradicate malicious software across all institutional machines while investigating the attack's origin and full scope. No evidence suggested operational telescopes were compromised, as observatory functions operate on isolated networks separate from administrative infrastructure. Construction of the Extremely Large Telescope (ELT) similarly continued without disruption due to network segmentation.

By 21 May 2024, ESO restored email services and reactivated its public website, marking the first phase of recovery. Technical teams prioritized reinstating core communication channels before addressing ancillary systems like the ESO and ALMA Science Archives, which remained offline with restoration anticipated in subsequent days. The investigation remained active, focusing on forensic analysis of compromised devices and assessment of potential data exposure. ESO committed to notifying stakeholders if evidence emerged suggesting their information was affected. Throughout the incident, observatory data collection proceeded normally, underscoring the effectiveness of network isolation protocols. The organization maintained transparency within operational constraints, providing status updates through its official communication platforms as services resumed.
