In an interview with RTL, Pascal Steichen, Director of the House of Cybersecurity, confirmed that the major outage at Luxembourg's Post on 23 July was caused by a deliberate and sophisticated cyberattack, warning that such incidents are increasingly common and complex to trace.

It has now been confirmed that the significant disruption at Luxembourg's Post on 23 July was caused by a cyberattack. The incident seriously affected telecommunications services, to the point that emergency response systems and the Grand-Ducal Fire and Rescue Corps were also impacted.

In light of the incident, RTL spoke with Pascal Steichen, director of the House of Cybersecurity, for insights into the cyberattack.

Two broad categories of cyberattacks

According to Steichen, cyberattacks generally fall into two broad categories: those aimed at stealing confidential data and those that target the availability of data infrastructure. In this case, he explained, the 23 July incident clearly fell into the latter category.

Steichen warned that the investigation would take time, noting that the technical structure of the internet and digital platforms has been layered over decades. He explained that cybersecurity specialists now have to examine each layer and its interconnections, an enormous and painstaking task that he described as almost Sisyphean.

The origin of the attack, how it unfolded, and who was behind it remain under investigation. Steichen characterised the 23 July incident as a major and sustained cyberattack. From the impact, he said, it was clear the goal was to disrupt system functionality rather than steal data.

The fact that it was able to disable telecommunications – systems that are designed to run continuously with fallback protections – underscored its severity, according to Steichen.

He also emphasised that this incident is likely just the visible tip of a much larger iceberg. "Luxembourg is no island", he stressed, pointing out that the House of Cybersecurity assists organisations with thousands of cyber incidents every year. Of those, around 30 to 40 are considered major, yet only a handful are made public.

As he noted, most affected parties prefer to keep such attacks out of the spotlight.

Russia and China: Major 'sponsors' of hack groups

Tracing the source of these attacks is notoriously difficult, Steichen explained. He noted that two countries frequently linked to such operations are Russia and China. According to Steichen, there are known groups with ties – direct or indirect – to these governments.

However, he explained that because of the distributed and global nature of the internet, these groups rarely launch attacks from their home territory. Instead, he said, they exploit systems in third countries, masking their origin.

Steichen added that tracking such an attack often means tracing it back through as many as five to eight countries, which necessitates strong international cooperation and the ability to liaise with local cybersecurity teams.

He noted that in most cases, the motive is financial, especially when data is stolen, which explains why Luxembourg's financial sector is a frequent target. In other cases, the motive may be geopolitical, or come from so-called "hacktivists" seeking attention or personal notoriety, Steichen stated.

Post: A sophisticated and targeted attack

Two days after the incident, and only one day after a press conference where Post management had ruled out a cyberattack, a public statement confirmed that the outage was indeed the result of a cyberattack.

The attack was described as technically "advanced and sophisticated". According to Post, the perpetrators exploited a vulnerability in standardised software components.

Post director Claude Strasser stated that at the time of the incident there were no immediate indicators suggesting a cyberattack had taken place.