luxtimes.lu | Luxembourg Times
Alex Stevensson
25/03/2026
Lessons learnt and CTIE phones and tablets now secure again, says digitalisation minister
Thousands of devices owned by the Luxembourg public sector found to be infected with malware at the end of February have since been updated and secured, digitalisation minister Stéphanie Obertin has said.
Thousands of devices owned by the Luxembourg public sector found to be infected with malware at the end of February have since been updated and secured, digitalisation minister Stéphanie Obertin has said.
The security breach was confirmed on 27 February but details were scant at the time, with LSAP deputy Ben Polidori submitting a written parliamentary question on the same day, to which Obertin provided a reply on Tuesday.
The malware was first discovered on 26 February; the day before it was confirmed publicly, the minister said. It was detected on the system that manages mobile devices (smartphones and tablets) - which was found to have been infected a few hours before the provider updated its system at the end of January.
Analysis showed that the “memory resident” malware gained access to the list of phones and tablets managed by the State Centre for Information Technology (CTIE), containing both data relating to the devices and their users. Data such as messages, calendars and photos stored on devices was not affected by the incident, Obertin said.
Furthermore, devices managed by the educational IT service, CGIE, such as school pupils’ tablets, are not believed to have been affected at all.
All 4,850 devices managed by the CTIE were affected, however, as the agency isolated and reinstalled the affected system.
According to Obertin, the security measures in place allowed the CTIE to quickly isolate the affected system as soon as it was discovered to have been infected, but declined to offer precise details, for security reasons, noting that such incidents can never be entirely ruled out. New insights have been gained from the incident, as with all incidents, she added.
The National Commission for Data Protection, the CNPD, was notified of the malware on 27 February and has completed its investigation but not yet reported back with its findings.
“State services remained permanently accessible and fully operational - both via the PC with which all civil servants are equipped as standard, and via mobile phone through the ‘web interface’,” Obertin assured, saying essential services never went offline.
therecord.media (01.08.2025) - Authorities in Luxembourg said a nationwide telecommunications outage in July was caused by a deliberately disruptive cyberattack. Huawei networking products were reportedly the target.
Luxembourg’s government announced on Thursday it was formally investigating a nationwide telecommunications outage caused last week by a cyberattack reportedly targeting Huawei equipment inside its national telecoms infrastructure.
The outage on July 23 left the country’s 4G and 5G mobile networks unavailable for more than three hours. Officials are concerned that large parts of the population were unable to call the emergency services as the fallback 2G system became overloaded. Internet access and electronic banking services were also inaccessible.
According to government statements issued to the country’s parliament, the attack was intentionally disruptive rather than an attempt to compromise the telecoms network that accidentally led to a system failure.
Officials said the attackers exploited a vulnerability in a “standardised software component” used by POST Luxembourg, the state-owned enterprise that operates most of the country’s telecommunications infrastructure. The government’s national alert system, which officials had intended to use to warn the population about the incident, failed to reach many people because it also depends on POST’s mobile network.
POST’s director-general described the attack itself as “exceptionally advanced and sophisticated,” but stressed it did not compromise or access internal systems and data. POST itself and the national CSIRT are currently forensically investigating the cause of the outage.
Although the government’s statements avoid naming the affected supplier, Luxembourg magazine Paperjam reported the attack targeted software used in Huawei routers. Paperjam added that the country’s critical infrastructure regulator is currently asking any organisations using Huawei enterprise routers to contact the CSIRT.
Remote denial-of-service vulnerabilities have previously been identified in the VRP network operating system used in Huawei’s enterprise networking products, although none have recently been publicly identified. Huawei’s press office did not respond to a request for comment.
The Luxembourg government convened a special crisis cell within the High Commission for National Protection (HCPN) to handle the response to the incident and to investigate its causes and impacts, alongside the CSIRT and public prosecutor.
The CSIRT’s full forensic investigation is intended to confirm how the attack happened, while the public prosecutor will assess whether a crime has taken place and if a perpetrator can be identified and prosecuted.
The incident has also accelerated Luxembourg’s national resilience review, a process already underway before the attack. Authorities, concerned that a single point of failure had such a dramatic disruptive effect, are now reassessing the robustness of critical infrastructure, including fallback procedures for telecom and emergency services.
Luxembourg is also exploring regulatory changes to allow mobile phones to automatically switch to other operators’ networks during telecom outages, a practice already used in countries like the United Kingdom, Germany and the United States for emergency calls.
Several websites were inaccessible for a two-hour period on Friday afternoon
Après une première attaque au printemps, les sites de l'État luxembourgeois ont été à nouveau visés le 23 octobre dernier par une attaque "DDoS".
