Cyber Incident Victim: Edinburgh Trams

Date: Sep 2023

Location: United Kingdom

Summary

Edinburgh Trams experienced a cyberattack attributed to the international ransomware group NoName, prompting the precautionary takedown of its website while investigations and restoration efforts proceeded. The incident, also affecting Swiftcard and Mersey Ferries Limited, was reported to law enforcement authorities, who confirmed an ongoing investigation into the breach.

Description

On September 28, 2023, Edinburgh Trams publicly disclosed it had fallen victim to a cyber crime, prompting the immediate precautionary takedown of its official website. The organization characterized the event as a "potential cyber-attack" affecting its online presence, though operational tram services appeared unaffected based on available statements. Threat intelligence platform FalconFeeds attributed the attack to international ransomware group NoName, which simultaneously targeted Swiftcard and Mersey Ferries Limited—two other UK transportation entities—suggesting a coordinated campaign against infrastructure providers. The incident followed a July 2023 cyber crime affecting University of the West of Scotland systems, though no confirmed connection exists between these events. Edinburgh Trams initiated an internal investigation while working to restore website functionality, emphasizing efforts to minimize public disruption. Police Scotland confirmed receiving a report of the cyber incident at an Edinburgh business on September 28 and launched an ongoing investigation.

The attack’s primary confirmed impact centered on website unavailability, with no public evidence of data compromise or physical service interruptions. Organizational response involved standard incident containment protocols: isolation of affected systems through website deactivation and engagement of law enforcement. NoName’s involvement aligned with its established pattern of targeting transportation networks, though the group’s specific motives or ransom demands remained unconfirmed in official statements. Edinburgh Trams maintained public communication solely through alternative channels following website removal, avoiding detailed technical disclosures about attack vectors or compromised infrastructure. Police Scotland neither disclosed investigative findings nor attributed responsibility beyond acknowledging the incident’s occurrence. Restoration timelines for full website functionality remained unspecified as of the last reported statements.
