Cyber Incident Victim: Netherlands Organization for Scientific Research
Date:
Feb 2021
Location:
Netherlands
Summary
The Netherlands Organization for Scientific Research suffered a cyberattack compromising its servers and rendering its network inaccessible, halting grant application processes. The organization confirmed all internal systems, including email and office software, became unavailable, though its public website remained unaffected. While acknowledging unauthorized access, the entity did not confirm ransomware involvement and withheld further details pending resolution of the incident. Operational recovery efforts were prioritized, with no timeline provided for restoring services or identifying the responsible threat actors.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On or around February 15, 2021, the Netherlands Organization for Scientific Research (NWO) experienced a cyberattack that disrupted its operations. Threat actors compromised NWO’s servers, rendering the network inaccessible and forcing the organization to halt grant application processing. Internal systems, including email accounts for NWO, Regieorgaan SIA, and Regieorgaan NRO, became unavailable, and staff could not access office software such as Outlook. The NWO.nl website remained operational and unaffected by the breach. NWO publicly confirmed the hack but did not disclose whether ransomware or data theft occurred, nor did it attribute responsibility to any specific threat actor. The organization stated it would not answer further questions until resolving the incident, focusing efforts on restoring systems.
The attack caused significant operational paralysis, with no timeline provided for full recovery. NWO emphasized that all applications running on its network were inaccessible during the outage, directly impacting scientific research funding workflows. No evidence suggested public-facing website compromise or data exfiltration at the time of reporting. Containment efforts prioritized resolving immediate technical issues, though the organization did not detail specific remediation steps taken. The incident underscored vulnerabilities in critical research infrastructure, though its full financial or reputational consequences remained unquantified in initial disclosures.