Cyber Incident Victim: SalzburgMilch
Date:
Jun 2021
Location:
Austria
Summary
A significant cyberattack targeted Austria's third-largest dairy, SalzburgMilch, causing a total IT system collapse after perpetrators changed all passwords. The incident disrupted operations, rendering order processing impossible and requiring intensive recovery efforts by experts. While the attack's resemblance to a prior ransomware incident at a German dairy was noted, no confirmed link exists, and the organization remained silent on potential ransom demands or negotiations.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On June 22, 2021, SalzburgMilch, Austria’s third-largest dairy producer, experienced a significant cyberattack that disrupted its operations. The incident began on Tuesday evening when attackers compromised the company’s IT infrastructure and systematically changed all system passwords. This action triggered a complete breakdown of SalzburgMilch’s IT systems, rendering them inaccessible to employees and administrators. The password alteration prevented normal business operations, including order processing systems, which became non-functional. As a direct consequence, the dairy could no longer accept or manage customer orders, halting a critical revenue stream. The attack’s timing exacerbated operational challenges, occurring mid-week during regular business hours. SalzburgMilch did not publicly disclose initial details about the intrusion method or whether data theft occurred alongside the system lockdown. Internal technical teams and external cybersecurity experts immediately initiated damage assessment and recovery efforts, working to restore system access and operational continuity.
The incident drew attention due to SalzburgMilch’s market position and parallels to a May 2021 ransomware attack against Ehrmann SE, a major German dairy, though no confirmed link between the two incidents was established. SalzburgMilch’s management refrained from commenting on whether the attackers issued a ransom demand or if negotiations were underway, leaving the financial motives unconfirmed. The total IT outage persisted beyond the initial attack date, with recovery efforts focused on rebuilding compromised authentication systems and verifying system integrity. Operational impacts extended beyond order processing, though the full scope of affected internal systems remained unspecified in public reporting. No customer or supplier data breaches were disclosed during the initial response phase. The company maintained silence regarding potential data exfiltration, focusing public statements exclusively on restoration timelines and operational disruptions. Recovery work continued without detailed public updates on system restoration milestones or forensic findings.