Austria summons Russia's ambassador and identifies Turla as the perpetrator of the cyberattack on the Foreign Ministry
Vienna, July 14, 2026
AI-generated image (z-image via Kie.ai)
Summary
Austria's Foreign Ministry summoned the Russian ambassador in Vienna on Tuesday and made clear that cyberattacks on Austria are unacceptable. The trigger is a declaration by all 27 EU member states that for the first time officially names the Russian hacker group Turla as the perpetrator of the attack on the Foreign Ministry around the 2019/2020 turn of the year.
Vienna, July 14, 2026
Austria's Foreign Ministry summoned the Russian ambassador in Vienna on Tuesday in order to convey Vienna's position on the cyberattacks recently attributed by the EU to the Russian hacker group Turla.
Diplomatic demarche in Vienna
The summoning took place on Tuesday in Vienna and forms part of a broader diplomatic reaction by European capitals. As the Foreign Ministry confirmed to APA and communicated citing a report by the newspaper "Die Presse," the Russian ambassador was told in no uncertain terms that cyberattacks on Austria are unacceptable. With the summoning, Vienna simultaneously conveyed the indication that the Russian Federation is being held responsible for the attacks.
The trigger for the diplomatic demarche was a declaration on Russian cyberattacks published the day before by all 27 EU member states. For the first time, it officially confirms that the Russian hacker group Turla is behind the cyberattack on Austria's Foreign Ministry around the 2019/2020 turn of the year. The EU announced this attribution on Monday and simultaneously imposed punitive measures against individuals and companies in Russia. According to the Foreign Ministry, besides Austria, Germany, Finland, France, the Netherlands, Poland, Romania, Slovakia, and Cyprus were also affected by the cyberattacks.
Background: Attack on the Foreign Ministry 2019/2020
The Viennese authorities needed several weeks before they could finally declare the attack over. As "Die Presse" reports, the attack on the IT system of the Foreign Ministry aimed to steal internal information with a Russia connection. According to the report, such data was in fact exfiltrated during the attack. The Foreign Ministry also stated that Turla is controlled by the 16th Center of the Russian intelligence service FSB.
Foreign Minister Beate Meinl-Reisinger (NEOS) made the severity of the threat clear in "Die Presse." She said: "Cyberangriffe bedrohen unsere Sicherheit: Wenn Zahlungssysteme ausfallen, Bahnsysteme oder Krankenhäuser angegriffen werden, betrifft das jeden und jede Einzelne." She also stressed: "Europa erlebt immer mehr solcher Attacken, und einer der Hauptakteure ist Russland." With regard to Vienna's stance, Meinl-Reisinger stated: "Die Öffentlichkeit hat ein Recht zu erfahren, woher die Bedrohung kommt. Deshalb verstecken wir uns nicht hinter diplomatischen Floskeln, sondern benennen die Verantwortlichen und reagieren."
Reactions from the federal government
The State Secretary responsible for state protection, Jörg Leichtfried (SPÖ), also condemned the Russian cyberattacks in the strongest terms. He described them as an attack on Austrian sovereignty, "with the long-term goal of manipulating public opinion and thereby destabilizing politics, business, and society." Leichtfried also announced legislative consequences: "Unser Ziel ist klar: bestehende Gesetzeslücken zügig schließen, um Österreicherinnen und Österreicher sowie internationale Organisationen künftig effektiv zu schützen."
The now-completed summoning of the Russian ambassador follows a pattern that has been applied in several European capitals in recent years when state-attributed cyberattacks on diplomatic missions or state infrastructure were suspected. With the public identification of the hacker group and the imposition of sanctions against natural and legal persons in Russia, the EU is simultaneously intensifying the pressure on Moscow.
EU-wide attribution and sanctions
Vienna had already emphasized immediately after the attack on the Foreign Ministry became known that this was not a simple case of espionage, but a long-term operation. The attackers gained access to internal systems over an extended period and were thus able to systematically extract data with a Russia connection. The attack could only be contained through a combination of forensic analysis, the isolation of affected systems, and exchanges with European security agencies.
With the attribution to the FSB-affiliated group Turla, Vienna joins a series of similar cases in which European states have assigned cyberattacks to state Russian actors in recent years. In earlier incidents, the intelligence services of several EU states had published technical indicators suggesting the involvement of Russian services. The joint declaration of all 27 EU member states now before us lends political weight to this assessment.
For Austria, the summoning of the ambassador is also a signal to its own public. Meinl-Reisinger had repeatedly stressed that citizens have a right to know the origin of the threat. With the public identification now carried out and the diplomatic demarche, the government is meeting this claim.
Domestic political consequences and legal gaps
It remains to be seen to what extent the EU sanctions against natural persons and companies in Russia will actually impair the operational capabilities of the Turla group. EU circles emphasize that the measures are part of longer-term pressure aimed at changing Moscow's behavior in cyberspace.
With regard to domestic policy, State Secretary Leichtfried announced that existing legal gaps in the area of state protection and cybersecurity would be closed swiftly. The background is the assessment that current legislation does not cover all facets of state-directed cyberattacks. Concrete draft laws have not yet been presented.
The coming weeks will also show whether Russia will respond to the summoning and the EU sanctions with its own diplomatic reaction. In the past, Russian authorities have consistently rejected accusations from Western states regarding cyberattacks.
Outlook on further developments
What is certain is that with the joint declaration on Monday, the EU has taken the clearest step to date toward publicly attributing state-directed cyber operations to Russian actors. The summoning of the Russian ambassador in Vienna is the immediate diplomatic consequence of this decision.
With the summoning, the Austrian side also conveyed the expectation that the Russian government will refrain from such operations in the future. Whether this expectation is met depends substantially on Moscow's further reaction.
"Die Presse" was the first to report on the summoning, and APA confirmed the procedure on Tuesday. With this, Vienna's diplomatic demarche is now documented beyond Austrian media as well.
Questions & Answers
Who summoned the Russian ambassador in Vienna?
Austria's Foreign Ministry summoned the Russian ambassador in Vienna on Tuesday and informed him that cyberattacks on Austria are unacceptable.
Which hacker group is being held responsible for the cyberattack on the Foreign Ministry?
According to a declaration by all 27 EU member states, the Russian hacker group Turla, which is said to be controlled by the 16th Center of the Russian intelligence service FSB, is considered the perpetrator of the attack around the 2019/2020 turn of the year.
Which countries, besides Austria, were affected by the cyberattacks?
According to the Foreign Ministry, besides Austria, Germany, Finland, France, the Netherlands, Poland, Romania, Slovakia, and Cyprus were also affected.
Austria summons Russia's ambassador – Turla hack | allfacts360