Przejdź do treści

EU Media Reporting Tracker

Online report updated monthly

scroll down

Our tracker covers non-paywalled articles from:

news outlets
0

in

EU member states
0

The tracker analyses the extent to which these media report on cyber incidents, compared to other sources, including reports from IT companies, governments, and social media. It covers incidents added to the database since January 2023.

The data provides insights into the disparities/similarities between the cyber security expert community and the mainstream media, which continues to play a crucial role in shaping public perception in European societies.

Cyber incidents receive limited attention in the mainstream EU media

Overall, only 5.5% of cyber incidents recorded by EuRepoC since January 2023 were also reported in the tracked EU media.

This figure increases when looking only at cyber incidents that targeted EU member states, but still remains low at 14.6%.

Percentage of cyber incidents reported by EU media
out of all incidents recorded by EuRepoC

All incidents     Incidents targeting EU member states

Number of cyber incidents reported by media country and targeted country

We see a lack of Europeanised reporting on cyber incidents

The EU media tend to report cyber incidents where their own country was targeted or cyber incidents targeting non-EU member states – particularly the United States. Very few outlets report cyber incidents targeting other EU member states. This is partly due to the comparatively high vulnerability of US targets to cyberattacks, but also to a particularly high number of US actors first reporting on cyber incidents, whose reports are then picked up by EU media.

The heatmap to the right shows the number of incidents reported by outlets in the 9 EU member states covered by this analysis by targeted country.

DDoS/Defacement operations are over reported

Since January 2023, 33% of incidents reported by the media were DDoS operations, whereas these operations only represent 16.5% of all operations added to the database over the same period (green bar).

Other less visible incidents (e.g. hijackings or data theft), are underreported (red bar), despite often having more severe socio-economic consequences than DDoS/defacement attacks. This is significant as the increased attention given to DDoS attacks can play in the hand of the attackers. It can lead to a distorted threat perception of European citizens as well as a misallocation of public cybersecurity resources.

Difference between EU media coverage of different operation types vs.
their actual share of the EuRepoC database

Use the dropdown menu on the top left of the graph to display the figure for specific months and/or only for incidents targeting EU member states.

There's a significant delay between the start of a cyber incident and its media coverage.​

On average, incidents are reported 6 months after they initially take place. The delay ranges from a few months to as long as 53 months—approximately 4 years—in some cases. This time lag is indicative of the time often required for a cyber incident to be detected and/or disclosed by the affected parties.

DDoS/defacement and wiper operations are reported much quicker than other types of operations, as due to their disruptive effects, they are necessarily designed for timely detection, also by third parties outside of the target organisation.

Number of months between the start of an incident and the media report

To zoom into a specific area of the graph, select the area using the cursor. Double-click on the graph to reset back to the default zoom settings.

Media reporting on cyber incidents linked to the Russia-Ukraine conflict has a strong national focus.

Since January 2023, we recorded 112 cyber incidents linked to the Russia-Ukraine conflict, of which only 12% (13) were reported in the EU media covered under this analysis.

The EU media mainly reported incidents linked to the conflict when EU member states were affected – particularly their own member state. Specifically, 10 of the 13 reported incidents targeted EU member states, 8 of which the country of the reporting media outlet. On the other hand, none of the incidents targeting Ukraine were reported and only 2 of those targeting Russia.

Number of cyber incidents linked to the Russia-Ukraine conflict by targeted country

Cyber incidents reported in the EU media since January 2023

The table below displays details on all the cyber incidents reported by the 30 EU media outlets covered by this analysis, for incidents added to the EuRepoC database since January 2023.

Incident ID Name Start date Target country(ies) Initiator country(ies) Incident type(s) Reported date(s) Reporting media
2620Unknown threat actors targeted telecommunications provider IFX Networks, causing the paralysis of over 30 government websites in Colombia and numerous other Latin American countries on 12 August 2023Sep 2023ChileNot availableRansomwareSep 2023Spain - El Pais
Spain - El Pais
2580Ransomware group 'Lockbit' disrupted Seville City Council's computer systems beginning on 5 September 2023Sep 2023SpainNetherlandsRansomwareSep 2023Spain - El Mundo
Austria - Kleine Zeitung
2546FBI disrupted Qakbot control infrastructure and removed Qakbot malware from infected computersAug 2023Not availableUnited StatesHijacking with MisuseAug 2023
Sep 2023		Spain - El Pais
Germany - Frankfurter Allgemeine Zeitung
2522Pro-Russian hacktivist group 'NoName057(16)' disrupted websites of various Spanish media outlets on 25 July 2023Jul 2023SpainRussiaDisruptionJul 2023Spain - El Pais
2519Iranian state-sponsored hacking group 'Charming Kitten' gained access to emails of Iranian expat Dr. Mansour Sohrabi beginning in October 2022Oct 2022GermanyIran, Islamic Republic ofHijacking without MisuseAug 2023Germany - Frankfurter Allgemeine Zeitung
Germany - SPIEGEL Online
2477Rhysida Ransomware Group executes ransomware attack on Prospect Medical Holdings Inc. causing disruption to computer systems at several US healthcare facilities on 3 August 2023Aug 2023United StatesNot availableRansomwareAug 2023Spain - El Mundo
2427Chinese threat actor Storm-0558 gained access to email accounts of about 25 organisations, including government agencies, starting on 15 May 2023May 2023Not availableChinaHijacking with MisuseJul 2023Spain - El Pais
Denmark - Jylands Posten
Denmark - Politiken
Spain - El Mundo
Germany - Frankfurter Allgemeine Zeitung
Austria - Kleine Zeitung
2388Russian hackers gained access to a single-digit number of email inboxes of board members of the Social Democratic Party of Germany (SPD) in January 2023Jan 2023GermanyRussiaHijacking without MisuseJun 2023Germany - SPIEGEL Online
2355Alleged Russian false-flag operation Anonymous Sudan disrupted at least three Microsoft services with DDoS attacks in the second week of June 2023Jun 2023United StatesRussiaDisruptionJun 2023Spain - El Pais - Science & Tech
2353Suspected Chinese threat actor UNC4841 exploited zero-day vulnerability in Barracuda Email Security Gateway to conduct espionage against victim organisations in at least 16 countries since 10 October 2022Oct 2022BurundiChinaHijacking with MisuseJun 2023Spain - El Pais - Science & Tech
2317Alleged Anti-NATO hacktivist group CyberTriad disrupted electronic systems and parking services of the City of Bratislava during GLOBSEC conference on 31 May 2023May 2023SlovakiaNot availableDisruptionJun 2023pan-EU - Euractiv (news)
2316Federal Security Service of the Russian Federation (FSB) accused US National Security Agency (NSA) of spying on Apple iPhones of unspecified Russian users and diplomats of various countries in RussiaRussiaUnited StatesHijacking with MisuseJun 2023Spain - El Mundo
pan-EU - Euractiv (news)
2277Chinese threat actor BackdoorDiplomacy allegedly hacked Kenyan government targets during 2019 and 2023Jan 2019KenyaChinaHijacking without MisuseMay 2023pan-EU - Euractiv (news)
2276Chinese state-sponsored hacking group Volt Typhoon gained access to a variety of critical infrastructure organizations on Guam and the US mainland beginning in mid-2021Jan 2021GuamChinaHijacking with MisuseMay 2023Spain - El Pais
Denmark - Jylands Posten
Denmark - Jylands Posten
Germany - SPIEGEL Online
Netherlands - Volkskrant
2271Mexican military suspected to have spied on cell phones of Mexican Undersecretary for Human Rights and two other government officials using Pegasus spyware until 2022MexicoMexicoHijacking with MisuseMay 2023
Jul 2023		Spain - El Pais
Spain - El Pais
2243Several websites of the Danish Ministry of Defence and affiliated entities hit by DDOS attacks on 12 May 2023 May 2023DenmarkNot availableDisruptionMay 2023Denmark - Politiken
2225FBI disrupted malware network of the eponymous Russian state-sponsored hacking group Snake on US computersRussiaUnited StatesHijacking with MisuseMay 2023Spain - El Pais - International
2196ALPHV/BlackCat ransomware group gained access to computer systems of US computer hardware manufacturer Western Digital and stole both corporate and customer information as early as 26 March 2023Mar 2023United StatesNot availableRansomwareApr 2023Spain - El Mundo
2166Austrian manufacturer of instruments for laboratories and process analysis technology and automation and robotics solutions was targeted by cyber-attack in April 2023Apr 2023AustriaNot availableDisruptionApr 2023Austria - Kleine Zeitung
2159The Mexican military hacked two Mexican human rights activists with Pegasus spyware beginning in June 2022Jun 2022MexicoMexicoHijacking without MisuseMay 2023Spain - El Pais
Spain - El Pais
2145Unknown actors carried out a ransomware attack over Easter 2023 against the German shipbuilding company LürssenApr 2023GermanyNot availableRansomwareApr 2023Germany - Frankfurter Allgemeine Zeitung
2126Pro-Russian hacker group NoName057(16) suspected of having disrupted websites of public German state institutions on 4 April 2023Apr 2023GermanyNot availableDisruptionApr 2023Germany - Frankfurter Allgemeine Zeitung
2123The 19-year-old hacker Jose Luis Huertas gained access into the Judicial Neutral Point and used it to target other Spanish public institutions since at least November 2022Nov 2022SpainSpainHijacking without MisuseMay 2023
Apr 2023		Spain - El Pais
Spain - El Pais
2100Pro-Russian hacker group NoName057(16) disrupted the website of French National Assembly on 26 March 2023Mar 2023FranceRussiaDisruptionMar 2023pan-EU - Politico EU
2043Website of German defence company Rheinmetall targeted by DDoS attack on 7 March 2022Mar 2023GermanyNot availableDisruptionMar 2023Germany - Sud Deutsche
2022Mayor of the Polish city of Sopot, Jacek Karnowski, targeted by Pegasus spyware during 2018-2019 at alleged direction of Poland`s Central Anticorruption BureauNov 2018PolandPolandHijacking with MisuseMar 2023Poland - Gazeta Wyborcza
2020Ransom House Group conducted a ransomware attack against the Hospital Clínic in Barcelona on 5 March 2023Mar 2023SpainNot availableRansomwareJun 2023
Apr 2023
Mar 2023
Jul 2023		Spain - El Pais
Spain - El Pais
Spain - El Pais
Spain - El Pais
Spain - El Pais
Spain - El Pais
Spain - El Pais
Spain - El Pais
2030Russian oil depot in Belgorod allegedly target of offensive cyber-sabotage operation by Main Intelligence Directorate of the Ministry of Defense of Ukraine (GURMO) at April 1, 2022Apr 2022RussiaUkraineHijacking with MisuseMar 2022pan-EU - Euro News
1942Suspected Ukrainian hackers disrupted a Russian satellite operator and played fake air raid alerts on several Russian radio stations on 22 February 2023Feb 2023RussiaUkraineHijacking with MisuseMar 2023Italy - La Stampa
1905Unknown actors used Pegasus software to spy on four Mexican Public Defender's Office officials in 2021May 2021MexicoNot availableNot availableFeb 2023Spain - El Pais
1903Hacktivist group Edalate Ali briefly interrupted broadcast of Iranian President Ebrahim Raisi's speech on the 44th anniversary of the Iranian Revolution on 11 February 2023Feb 2023Iran, Islamic Republic ofNot availableHijacking with MisuseFeb 2023Italy - La Stampa
1891Iranian state-sponsored hacking group NEPTUNIUM is suspected of stealing personal information from Charlie Hebdo subscribers and defacing its website in January 2023FranceIran, Islamic Republic ofHijacking with MisuseFeb 2023Denmark - Jylands Posten
France - Le Monde
France - Les Echos
1867Pro-Russian hacktivist group Killnet disrupted several hospital websites in Europe in January 2023Jan 2023PolandRussiaDisruptionJan 2023pan-EU - Euro News
Netherlands - Volkskrant
1861FBI infiltrated and dismantled ransomware group Hive beginning in July 2022Jul 2022Not availableUnited StatesHijacking with MisuseJan 2023Denmark - Jylands Posten
Spain - El Mundo
Germany - Sud Deutsche
1863Pro-Russian hacktivists group Killnet disrupted the websites of German private and state entitites on 25 January 2023Jan 2023GermanyRussiaDisruptionJan 2023Germany - Sud Deutsche
Germany - Die Welt
1835Denmark`s central bank and seven other private banks have been targeted with a DDoS attack on January 10, 2023 by pro-Russian hacktivist group NoName057(16)Jan 2023DenmarkNot availableDisruptionFeb 2023
Jan 2023		Estonia - Postimees
Denmark - Politiken
Denmark - Politiken
1825Suspected cyberattack against the public administration and utilities of the German city of Potsdam December 2022Dec 2022GermanyNot availableHijacking without MisuseDec 2022Germany - SPIEGEL Online
Germany - SPIEGEL Online
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8

Note on methodology

This analysis only covers media articles that are not behind a paywall.

Each source is scanned daily and automatically as part of the general EuRepoC data collection methodology. We cover the media sections on national and international politics and columns on cybersecurity/technology (see table below).

Please note that EuRepoC only considers cyber incidents that have a political dimension. It is possible that the EU media outlets covered by this analysis reported on additional cyber incidents outside the scope of the EuRepoC project.

Sources

Member State Media Links
AustriaDie Pressehttps://www.diepresse.com/innenpolitik
https://www.diepresse.com/ausland
https://www.diepresse.com/techscience
AustriaDer Standardhttps://www.derstandard.at/inland
https://www.derstandard.at/international
https://www.derstandard.at/web/netzpolitik/itsecurity
AustriaKleine Zeitunghttps://www.kleinezeitung.at/politik/index.do
https://www.kleinezeitung.at/international/index.do
https://www.kleinezeitung.at/wirtschaft/index.do
DenmarkBerlingskehttps://www.berlingske.dk/nyheder/politik
https://www.berlingske.dk/nyheder/internationalt
DenmarkJylands Postenhttps://jyllands-posten.dk/politik/
https://jyllands-posten.dk/international/
https://jyllands-posten.dk/?tags=tag%3Ahele_sagen.jp.dk%2C2011%3AIt-sikkerhed
DenmarkPolitikenhttps://politiken.dk/indland/
https://politiken.dk/udland/
https://politiken.dk/viden/Tech/
EstoniaEesti Päevalehthttps://epl.delfi.ee/kategooria/67583608/uudised
EstoniaPostimeeshttps://news.postimees.ee
FranceLe Mondehttps://www.lemonde.fr/politique/
https://www.lemonde.fr/international/
https://www.lemonde.fr/cybercriminalite/
https://www.lemonde.fr/securite-informatique/
FranceLe Figarohttps://www.lefigaro.fr/
https://www.lefigaro.fr/international
https://www.lefigaro.fr/secteur/high-tech
FranceLes Echoshttps://www.lesechos.fr/monde
https://www.lesechos.fr/tech-medias
GermanyDer SPIEGELhttps://www.spiegel.de/politik/deutschland/
https://www.spiegel.de/ausland/
https://www.spiegel.de/thema/cybercrime/
https://www.spiegel.de/thema/cyberwar/
GermanyDie Welthttps://www.welt.de/politik/
https://www.welt.de/themen/cyberwars/
GermanyFrankfurter Allgemeine Zeitunghttps://www.faz.net/aktuell/politik/
https://www.faz.net/aktuell/technik-motor/thema/it-sicherheit
GermanySüddeutsche Zeitunghttps://www.sueddeutsche.de/politik
https://www.sueddeutsche.de/thema/Wirtschaft
https://www.sueddeutsche.de/thema/Digital
ItalyCorriere della Serahttps://www.corriere.it/politica/
https://www.corriere.it/cronache/
ItalyIl Sole 24 Orehttps://www.ilsole24ore.com/sez/mondo
https://www.ilsole24ore.com/sez/italia
https://www.ilsole24ore.com/sez/tecnologia/cybersicurezza
ItalyLa Stampahttps://www.lastampa.it/politica/
https://www.lastampa.it/esteri/
NetherlandsDe Volkskranthttps://www.volkskrant.nl/
NetherlandsNRC Handelsbladhttps://www.nrc.nl/index/binnenland/
https://www.nrc.nl/index/buitenland/
NetherlandsDe Telegraafhttps://www.telegraaf.nl/nieuws
PolandGazeta Wyborczahttps://wyborcza.pl/0,173236.html#TRNavSST
https://wyborcza.pl/0,75398.html
https://wyborcza.pl/AkcjeSpecjalne/0,183960.html
PolandRzeczpospolitahttps://www.rp.pl/wydarzenia/swiat
https://www.rp.pl/wydarzenia/kraj
SpainABChttps://www.abc.es/espana/
https://www.abc.es/internacional/
https://www.abc.es/hemeroteca/resultados-busqueda-avanzada/noticia/dia-16-11-2022?alg=ciber+ransomware+malware+cyber
SpainEl Mundohttps://www.elmundo.es/espana.html
https://www.elmundo.es/internacional.html
https://www.elmundo.es/tecnologia.html
SpainEl Paishttps://elpais.com/espana/
https://elpais.com/internacional/
https://elpais.com/noticias/seguridad-internet/
SpainLa Vanguardiahttps://stories.lavanguardia.com/politica/
https://stories.lavanguardia.com/internacional
https://stories.lavanguardia.com/tecnologia
pan-EUEuractivhttps://www.euractiv.com
pan-EUEuro Newshttps://www.euronews.com
pan-EUEuro Topicshttps://www.eurotopics.net/en/4/dossier
pan-EUPolitico EUhttps://www.politico.eu
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6

Download static PDF version

Start
Intro
Attention rate
Reporting level
Operation types
Coverage lag
All incidents
Methodology

Welcome to our Cyber Incident Dashboard!

For best results, please view on a desktop device.