Cyber Incident Victim: Austrian Parliament
Date:
Feb 2017
Location:
Austria
Summary
The Austrian Parliament's website was temporarily disrupted by a cyber attack claimed by the Turkish hacker group Aslan Neferler Tim (ANT), which stated the action was a response to perceived anti-Muslim sentiment in Austria. The group employed a distributed denial-of-service (DDoS) attack, overwhelming the server with requests and causing approximately 20 minutes of downtime, mirroring previous attacks on Austrian government ministries. ANT, which describes itself as defending Turkish national and religious interests, has a history of targeting entities including the pro-Kurdish HDP party, an Austrian airport, and the central bank. Authorities confirmed no data loss occurred and initiated an investigation into the incident.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On February 7, 2017, Austria’s parliamentary authorities disclosed a cyber attack that disrupted their website for approximately 20 minutes over the preceding weekend. The Turkish hacker group Aslan Neferler Tim (ANT), also known as Lion Soldiers Team, publicly claimed responsibility for the incident through a Facebook post on Sunday afternoon. The group’s statement, written in Turkish and accompanied by a screenshot of the inaccessible parliamentary website, accused Austria of racism against Muslims and warned of a "harsh" reaction. ANT describes itself as defending Turkey’s homeland, Islam, nation, and flag while maintaining no formal political affiliations. Austrian parliamentary spokespersons confirmed the group’s claim and indicated they assumed ANT’s responsibility was credible based on available evidence. Technical analysis determined the attack as a distributed denial-of-service (DDoS) incident, where attackers overwhelmed parliamentary servers with excessive service requests to force downtime. This method mirrored a November 2016 attack targeting Austria’s Foreign Affairs and Defence Ministry websites, though no organizational connection between the two incidents was established. ANT’s Facebook page listed prior operations against Turkey’s pro-Kurdish Peoples’ Democratic Party (HDP), the Austrian Central Bank, and an unspecified Austrian airport, though details of those incidents were not provided in parliamentary statements.
The Austrian Interior Ministry launched an investigation into the attack but emphasized no data breaches or losses occurred during the incident. Parliamentary officials characterized the disruption as limited to temporary website inaccessibility without further infrastructural compromise. The attack occurred amid strained diplomatic relations between Austria and Turkey following President Erdogan’s post-coup crackdown in 2016, with Austria leading EU opposition to Turkey’s accession talks. While the parliamentary statement acknowledged DDoS attacks as common cyber threats, it did not disclose specific mitigation measures taken beyond routine investigative protocols. The disclosure coincided with reports of recent cyber attacks against the Vienna-based Organization for Security and Cooperation in Europe (OSCE), though Austrian authorities did not link these incidents to the parliamentary attack or ANT. No further claims of responsibility or additional attacks were reported by Austrian authorities following the initial disclosure.