Cyber Incident Victim: Oesterreichische Nationalbank

On September 9, 2016, the Oesterreichische Nationalbank (OeNB) experienced a cyberattack attributed to the Turkish hacker group Aslan Neferler Tim (Lion Soldiers Team). The attackers executed two separate denial-of-service attempts targeting the bank’s web servers, culminating in temporary disruption of its online services. Unlike conventional DDoS attacks, the group flooded the bank’s infrastructure with over five million emails per minute during a Friday night assault. Bank officials confirmed the attacks occurred but emphasized that no sensitive data or internal systems were compromised. Christian Gutlederer, the bank’s spokesperson, publicly disclosed the incident days later, clarifying that the hackers only succeeded in causing intermittent website downtime. The group claimed responsibility via Twitter, acknowledging limited success in disrupting services "for a while" and vowing further attacks against Austrian entities.

This incident formed part of a broader campaign by Aslan Neferler Tim against Austrian infrastructure, following a September 3, 2016, attack on Vienna International Airport’s website. The group cited political grievances tied to Austria’s opposition to Turkey’s European Union membership bid and its response to the failed Turkish coup earlier that year, which had prompted Turkey to recall its ambassador from Vienna. OeNB’s technical teams mitigated the attack without external assistance, maintaining operational continuity for core banking functions despite the website disruption. No financial losses, data breaches, or persistent system compromises were reported. The bank’s public communications focused on downplaying the incident’s severity while acknowledging the ongoing threat posed by the hackers’ declared intent to target additional Austrian public and private organizations.