Cyber Incident Victim: ÖVP, Neos, KPÖ

On September 29, 2024, during Austria’s National Council election day, multiple Austrian political parties experienced distributed denial-of-service (DDoS) attacks targeting their websites. This marked the second wave of such incidents within a week, following similar disruptions against the ÖVP, SPÖ, and KPÖ on or around September 22. The latest attacks impacted federal and state-level digital infrastructure belonging to the ÖVP (Austrian People’s Party), Neos (The New Austria), and KPÖ (Communist Party of Austria). Parties confirmed the disruptions on Sunday, with Neos reporting approximately 50% of its webpages rendered inaccessible during the incident. The attacks exclusively targeted online presences and did not compromise the physical or administrative processes of the election itself.

The operational impact centered on website availability, disrupting public access to party information during a critical electoral period. No data breaches, defacements, or malware deployments were reported, indicating a focus on temporary service disruption rather than data exfiltration or persistent compromise. Parties acknowledged the attacks publicly but did not disclose technical mitigation measures or attribute responsibility. The recurrence of attacks within a week suggested a coordinated effort against multiple political entities, though the identity and motives of the perpetrators remained unconfirmed. Service restoration timelines were unspecified, but the confirmation of incidents on election day highlighted ongoing vulnerabilities in political organizations’ digital infrastructure during high-stakes events.