Cyber Incident Victim: Robert Koch Institute
Date:
Oct 2020
Location:
Germany
Summary
The German infectious disease control agency, the Robert Koch Institute, experienced a distributed denial of service attack that disrupted its website for two hours shortly before its headquarters were targeted in an arson attempt. The cyber incident caused temporary operational disruption but did not compromise sensitive data, according to federal information technology authorities. Both events occurred within a short timeframe, though no explicit connection between the digital attack and the physical incident was detailed in initial reports.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
In October 2020, Germany’s Robert Koch Institute (RKI), a central agency for infectious disease control, experienced a cyber attack targeting its online infrastructure. On October 22, the institute’s website was disrupted for approximately two hours due to a distributed denial-of-service (DDoS) attack, as reported by Der Spiegel and confirmed by the Federal Centre for Information Technology. The attack overwhelmed the website with traffic, rendering it temporarily inaccessible. No compromise of sensitive data or internal systems was reported, indicating the attack’s primary impact was limited to service availability. The incident occurred amid heightened operational demands on the RKI, which was actively coordinating Germany’s response to the COVID-19 pandemic. Authorities did not publicly attribute the attack to a specific threat actor or disclose technical details about the mitigation measures deployed.
Days after the cyber incident, the RKI’s Berlin headquarters became the target of an arson attempt, though no direct operational or evidentiary link between the two events was confirmed in available reporting. Der Spiegel highlighted the temporal proximity of the incidents but did not cite official statements suggesting coordination or shared motives. The arson attempt, which involved an incendiary device, caused minor property damage but no injuries. German law enforcement investigated both events separately, with no public indication that the cyber attack facilitated the physical security breach. The RKI resumed normal operations following both incidents, maintaining its role in pandemic management without reported long-term disruptions to its public health functions.