Cyber Incident Victim: Carinthia
Date: Jan 2024
Location: Austria
Summary
A company in Ybbstal fell victim to a cyberattack in which unauthorized actors compromised its email account, accessing it from IP addresses linked to France. The perpetrators sent a fraudulent payment request from the hijacked account to a business client, specifying a falsified IBAN. The deceived customer transferred approximately €95,000 in outstanding invoice payments to the provided account, resulting in funds being routed to a Portuguese bank account. This incident caused significant financial losses through manipulated banking details and illicit fund diversion.
Description
On or around January 1, 2024, unidentified threat actors compromised the email account of a business based in Ybbstal, Austria. The attackers repeatedly accessed the account using IP addresses traced to France. After gaining control of the email system, the perpetrators crafted and sent a fraudulent payment request from the compromised account to one of the company’s business clients. This deceptive email contained altered banking details, specifically substituting a fraudulent IBAN for legitimate account information. The recipient, believing the communication to be authentic from their trusted partner, processed the payment as instructed.

The victimized client transferred the outstanding invoice amount—totaling approximately 95,000 euros—to the specified account. Funds were routed to a bank account in Portugal before the fraud was detected. The incident resulted in a confirmed financial loss of 95,000 euros for the affected parties. No recovery of funds or apprehension of suspects was reported at the time of disclosure. The attack methodology relied exclusively on email account compromise and social engineering rather than direct network intrusion or malware deployment. Austrian authorities investigated the incident but disclosed no technical details about the email system’s security measures or forensic findings beyond the French IP addresses.
