EuRepoC EU Media Tracker

Media reporting on cyber incidents in January 2023

Published on 20 February 2023
By Camille Borrett, Data Analyst for the German Institute for International and Security Affairs (SWP)

EuRepoC’s EU media tracker covers 30 leading news outlets in 9 EU member states (non-paywalled articles). It analyses the extent to which these media report on cyber incidents with a political dimension, compared to other sources, including reports from IT companies, governments, and social media. Cyber incidents with a political dimension, include incidents that (1) targeted political or state actors/institutions, (2) were initiated by state actors or actors associated with states, or (3) incidents that have been politicised regardless of their targets or origin.

The data provides insights into the disparities/similarities between the cyber security expert community and the mainstream media, which continues to play a crucial role in shaping public perception in European societies. By critically analysing EU media discourse on cyber incidents, this tracker contributes to raising awareness, strengthening transparency, and building trust to support improved cyber diplomacy. For more information on the EuRepoC project and data collection methodology, see here.

Key findings and policy implications

Cyber incidents received limited media attention in January 2023. EU media covered by this analysis reported only five cyber incidents with a political dimension in January and only eight since November 2022.

The EU media discourse on cyber incidents is Euro/Western-centric. Whereas 11 cyber incidents with a political dimension targeting non-Western countries were disclosed in January 2023, none were reported by the EU media covered by this analysis.

Beyond its Euro/Western centrism, the EU media also has a strong national focus. Although multiple EU member states faced similar cyber incidents from pro-Russian hacktivists in January 2023, the media mainly reported on the incidents targeting their own country of origin and not those in other EU member states. We thus see a lack of Europeanised reporting on cyber incidents in the face of common threats.

Most cyber incidents reported in the EU media were disruption incidents (e.g., (Distributed) Denials of Service (DDoS) attacks). Less visible incidents, such as hijackings and data theft, were underreported in the EU media, despite often having more severe socio-economic consequences than disruption. This is significant as the increased attention given to disruption incidents can play in the hand of the attackers.

EU Media Cyber Attention Rate - January 2023

In January 2023, 26 cyber incidents with a political dimension were added to the EuRepoC database. Only 5 of these 26 incidents (19%) were reported in the EU media covered by this analysis. Since November 2022, on a global scale, only 8 out of 69 (11%) cyber incidents with a political dimension were reported in the EU media. However, the EU media reported 7 out of 17 (40%) incidents with a political dimension that targeted EU member states/institutions. The EU media discourse on cyber incidents with a political dimension is thus both limited and Eurocentric.

We also observe limited Europeanised reporting on cyber incidents. Multiple cyber incidents attributed to pro-Russian hacktivists targeting different EU member states were publicly disclosed in January 2023. However, most EU media reports were about those cyber incidents with national targets, and few reports were on similar attacks targeting other EU member states. For example, the DDoS attacks targeting the websites of Czech presidential candidates in January 2023 by pro-Russian hacktivists were not reported in the media of the member states covered by this tracker.

The following incidents were reported in EU media in January 2023:

A suspected cyber incident targeting a German public administration in December 2022 - was only reported by German media.
A DDoS attack on the Danish central bank along with several private Danish banks by the pro-Russian hacktivist group NoName057 - was reported by Danish and Estonian media.
The dismantling of the Hive ransomware group by the FBI - was reported by Danish, German and Spanish media.
The disruption of the websites of German private and state entities by the pro-Russian hacktivist group Killnet - was reported by Dutch and German media.
The disruption of the website of several hospitals in Europe by the pro-Russian hacktivist group Killnet - was reported by Dutch and pan-European media.

Figure 1: Cyber Attention Rate in EU media

This figure represents (1) the percentage of incidents reported by EU media out of all incidents added to the database on a given month (dark green line) and (2) the percentage of incidents reported by EU media out of all incidents targeting EU member states/institutions added to the database on a given month (red line).

What type of cyber incidents were most frequently reported?

In January 2023, 3 out of 5 cyber incidents reported by the EU media were disruption incidents. This confirms the overall trend since November 2022, as 75% (6 in total) of all incidents reported by the media were disruption. Disruption is a type of cyber incident aiming to take an information technology process/service out of service. Typical examples of disruptions are DDoS, website defacements and wipers. Hacking with misuse and data theft incidents with a political dimension were underreported. They represented 47% and 24% of cyber incidents targeting the EU over the past months but received little to no EU media attention. This may be linked to the less visible nature of these types of incidents as opposed to disruption incidents. See here for the definition of each incident type.

Figure 2: Proportion of incident types reported in EU media vs all incidents vs incidents targeting the EU

This graph shows the level of attention certain types of incidents receive in EU media (light green dots) compared to their overall proportion out of all incidents added to the database on a given month (dark green dots) and compared to all incidents targeting EU member states/institutions only (red dots).

Click the buttons to display data for previous months. Click the legend items to show/hide them.

Which cyber attackers were most frequently reported?

For 3 out of 5 cyber incidents reported by the EU media tracked by EuRepoC in January 2023, the origin of the incident remains unknown. The other two reported incidents are attributed to Russia. This is in line with the general trend since November 2022, where most incidents have an unknown origin, followed by incidents attributed to Russia.

Figure 3: Most frequently reported cyber attackers in EU Media vs all incidents vs incidents targeting the EU

This graph shows the proportion of incidents attributed to a specific country reported in EU media (light green dots) compared to their overall proportion out of all incidents added to the database on a given month (dark green dots) and all incidents targeting EU member states/institutions only (red dots).

Click the buttons to display data for previous months. Click the legend items to show/hide them.

European discourse or national silos – did news outlets only cover incidents targeting their own Member State?

79% of all EU media reports covered by EuRepoC since November 2022 were about incidents targeting EU member states/institutions, while 21% (5 in total) were about incidents occurring outside the EU. 47% of the EU media reports (9 in total) about EU incidents were about the incident targeting the European Parliament in November 2022. Only 15% of the reports (3 in total) were about cyber incidents occurring in a Member State other than the country of origin of the media outlet. The remaining 37% of reports (7 in total) were reports about incidents occurring nationally.

Figure 4: Share of EU media reports on cyber incidents by targeted region (inner pie) / by targeted country (middle pie) / by reporting country (outer pie)

How to interpret and use the graph: The outer pie shows the reporting countries, the middle pie the targeted countries and the inner pie the targeted region/level. This graph shows, for example, that 50% of the EU media reports on cyber incidents were about incidents targeting EU Member States/EU institutions other than the country of origin of the media outlet (inner pie). Out of these reports, 75% were about incidents targeting EU institutions (middle pie). Out of those reports on cyber incidents targeting EU institutions, 22% were reported by Austrian media, 22% by pan-European media, 22% by Spanish media, 11% by Dutch media, 11% by German media and 11% by French media (outer pie). You can click on each element in the pie to see the proportions for each sub-level.

Figure 5: National level reporting

Select a Member State in the dropdown list below to display detailed figures on reporting about cyber incidents targeting this Member State along with reporting from this Member State's national media on incidents in other countries in January 2023 and overall since November 2022.

Note on methodology

This analysis only covers media articles that are not behind a paywall.

Each source is scanned daily and automatically as part of the general EuRepoC data collection methodology. We cover the media sections on national and international politics and columns on cybersecurity/technology (see table below).

Please note that EuRepoC only considers cyber incidents that have a political dimension. It is possible that the EU media outlets covered by this analysis reported on additional cyber incidents outside the scope of the EuRepoC project.

National media outlets covered by EuRepoC

Select a Member State in the dropdown list below to display the specific media outlets covered under the scope of this analysis.