Binary code for umbrella and rain.  Data protection, security and data protection concept

European weather services hit by storm of malicious email attacks

By Adam Vaughan

Weather services have been hit by malware

Who_I_am / Getty Images

Weather services across Europe were hit by a storm of malicious email attacks last week, forcing groups to improve security and creating challenges for employees.

The Met Office and the European Center for Medium-Range Weather Forecasts (ECMWF) in Great Britain, the Spanish State Meteorological Agency and the Danish Meteorological Agency (DMI) are among the European services concerned, New Scientist has confirmed.

People working at weather services have received a large number of emails allegedly from trusted contacts, with some of the senders spoofing the European Commission addresses.


The widespread attacks came after a person in the meteorological community’s laptop was infected with malware, which resulted in the user’s mailbox being captured by a botnet, according to ECMWF. The botnet then used its email account to send messages containing malware to contacts in the community. E-mail lists of several international weather organizations that were not named have been infected.

“Although this attack caused disruption, we can confirm that the attack remained at the e-mail level and that our systems were not breached and our operations were never compromised,” says a spokesman for the ECMWF.

It is unclear whether the attackers deliberately targeted weather services, which are considered national infrastructure in many countries, or simply got lucky by infecting the computer of a person who was a member of multiple meteorological groups.

Either way, the attack was challenging. The Met Office confirmed that several employees had received malicious emails claiming “came from a number of sources within the European Met community”.

A Met Office spokesman said the number of emails has dropped sharply in the past few days and he is confident that measures such as blocking links and attachments and providing security policies for employees have not compromised machines. The new measures “created some challenges for our daily work” but the impact on services was minimal.

Ruth Mottram, climate researcher at DMI, says there has been some minor glitch as legitimate email is being intercepted in spam filters. Colleagues from other weather services have reported IT departments are removing all attachments, she added. The attacks “naturally put a little pressure on the e-mail system and thus on working life”, but the DMI IT team is “right at the top”, she says.

Mike Beck of UK cyber security firm Darktrace says meteorological groups are inherently vulnerable to them Attacks because of their open and collaborative nature. “I have seen that it is much easier for attackers in academia to spread,” he says.

David Emm of cybersecurity firm Kaspersky says compromising an insider email account is “gold” for attackers and would have contributed to the spread of email. He says it’s hard to tell whether the owner of the originally infected laptop was targeted or the victim of a generalized phishing approach.

More on these topics: