Credit: Pixabay
On Friday 26 June 2026, Luxembourg's Cyber Risk Assessment Cell (CERC) convened following a spear phishing incident that targeted government workstations and subsequently affected the government's information system.
According to the CERC, the incident occurred on the morning of Tuesday 23 June. Once it was detected, the competent authorities implemented several preventive measures to limit its impact.
The authorities explained that spear phishing is a targeted form of phishing in which attackers tailor messages to a specific individual or organisation to make them appear more credible and increase the likelihood of obtaining sensitive information.
Afterwards CERC held a meeting, bringing together epresentatives of HCPN/GOVCERT, Luxembourg Institute of Regulation (ILR), Commission for the Supervision of the Financial Sector (CSSF), Government IT Centre (CTIE), Computer Incident Response Center Luxembourg (CIRCL), the Grand Ducal Police, the State Intelligence Service (SRE), the Luxembourg Army, the Directorate of Defence, Luxembourg’s Ministry of State, Luxembourg’s Ministry of Foreign and European Affairs, Defence, Development Cooperation and Foreign Trade, and Luxembourg’s Ministry for Digitalisation.
The authorities confirmed that, at this stage, no major impact on users has been identified.
The competent services are continuing their technical analyses of the incident and are also assessing whether any additional precautionary measures are necessary.
