Cyber Incident Victim: Landeshauptstadt Hannover

On October 12, 2023, the www.hannover.de platform family—comprising the official portal of the state capital and region of Hanover along with partner municipal portals—experienced a significant disruption due to a coordinated bot attack. The incident began in the morning hours when attackers launched a distributed denial-of-service (DDoS) assault using hijacked computers and infrastructure distributed globally, forming a bot network. This malicious traffic overwhelmed the platforms, causing repeated collapses and rendering the websites unreliably accessible to users. The primary objective of the attack appeared to be disruption of public access to municipal services rather than data compromise or financial gain. By 1:46 p.m. local time, technical teams had restored largely trouble-free operations after identifying and countering the attack pattern, though the assault continued posing residual availability risks.

The operational response involved coordinated efforts between Hannover.de Internet GmbH's data center specialists and development personnel who analyzed traffic patterns to decipher the bot network's attack methodology. Managing Director Dirk Sarnes confirmed the attackers employed standard DDoS tactics by directing massive automated requests through compromised systems worldwide. While the restoration of stable service marked a containment milestone, the persistence of the attack meant intermittent disruptions remained possible post-recovery. No data breaches or secondary compromises were reported beyond the availability impacts. The incident mirrored similar contemporaneous attacks targeting municipal portals across Germany, though no specific threat actor attribution was disclosed. Service availability monitoring continued as technical teams maintained defensive measures against the ongoing bot network activity.