Quick Summary
AllegedExecutive Summary
Vienna Airport (Flughafen Wien AG), a major transportation and logistics organization in Austria, was listed as a victim on the APT73 threat group’s dark web portal on June 23, 2026. This listing was identified by SOCRadar’s Dark Web Monitoring service. As Austria’s primary international airport operator, the organization’s inclusion highlights the group’s interest in high-visibility European critical infrastructure. APT73 has claimed numerous victims recently, with a focus on the Public Sector, Business Services, and Technology sectors, primarily in the United States, United Kingdom, and Germany. While Vienna Airport’s listing aligns with the group’s targeting of transportation and logistics entities, it represents a divergence from their core public-sector and business-services focus.
Technical Analysis
SOCRadar’s analysis of stealer-log telemetry revealed limited corporate exposure for the viennaairport.com domain. The logs primarily contained external and consumer-provider accounts, including those for webmail, an airside training portal, and an ID-card system, rather than direct corporate employee credentials. This suggests a possible risk of customer account takeover or supplier risk, rather than a direct corporate intrusion. The presence of consumer credentials on operational subdomains could be attributed to contractor access, personal email use, or misconfigured authentication. While the observed stealer-log data did not confirm a corporate initial-access exposure, this is not definitive. The absence of corporate credentials could be due to sampling methods, alternate domains, or aliasing. Continued monitoring and an audit of external access on affected portals are recommended.