Wave of Cyberattacks Hits Europe: Ruđer Bošković Institute Among Targets

In recent days, a series of severe cyberattacks have been recorded across Europe, targeting major companies and institutions, including airlines, government agencies, and research centers. Following a recent incident involving Australia’s Qantas, European carriers Air France and KLM have also fallen victim to cybercriminals. Unauthorized access was detected on an external customer service platform, compromising passenger data such as names, email addresses, phone numbers, and frequent flyer account details. While sensitive information like passwords, passport numbers, and credit card details was not exposed, the breach has raised concern and prompted additional security measures.

A similar attack was recorded in the Adriatic region, where the target was Zagreb’s Ruđer Bošković Institute (IRB). The attack, carried out on July 31, 2025, was part of a global wave affecting at least 9,000 institutions worldwide, exploiting the ToolShell vulnerability in Microsoft SharePoint. The ransomware impacted part of the network related to the IRB’s administrative and technical departments, encrypting numerous documents and databases. The Institute has firmly refused to pay the ransom and is addressing the incident strictly through professional and security protocols, restoring data from secure backups.

These incidents once again highlight the growing threat of sophisticated cyberattacks in Europe and the need for continuous improvement of protective measures.

The IRB’s email system was down from July 31 to August 8, and the incident was reported to the Ministry of the Interior, the national CERT, and the Croatian Personal Data Protection Agency (AZOP). A forensic investigation is ongoing, and it is not yet known whether unauthorized access to personal data occurred. As a precaution, the network remains partially offline while a new IT infrastructure is being built in accordance with the latest cybersecurity standards.