Cyber Incident Victim: brain-SCC
Date:
Jul 2025
Location:
Germany
Summary
brain-SCC reported that its infrastructure was hit by a large-scale DDoS attack targeting municipal websites, which generated massive access spikes through central proxies and temporarily disrupted even services not directly aimed at. The attack caused several web portals to be only intermittently reachable while internal administrative functions and applications such as online appointment booking remained operational and no data exfiltration was observed. After a few hours the affected sites were restored, though access was not entirely smooth, and the incident fits into a broader wave of similar attacks on public sector sites in the region, including recent disruptions to ministry, Magdeburg and Halberstadt online presences.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 0 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On Tuesday, July 29, 2025, the infrastructure of brain‑SCC was targeted by a large‑scale DDoS attack directed at municipal web presences. The attack traffic flowed through central proxy servers, generating massive access peaks that temporarily impaired not only the directly targeted services but also other non‑directly attacked systems. Throughout the day the effects were noticeable, with individual web portals being only partially reachable at times. At no point did the incident result in any data exfiltration. The event is described as part of a broader series of cyber attacks against public institutions in Saxony‑Anhalt, following recent DDoS incidents targeting several state ministry portals and repeated attacks on state websites reported by MZ and MDR.
On the same day the websites of the Burgenlandkreis, the city of Lützen and additional municipalities in Saxony‑Anhalt were reported as unreachable. The district administration’s online appointment booking system remained intact according to official statements. The Lützen town hall cited its service provider, which observed an excessively high number of accesses to the websites, a pattern that suggested an attack. The news agency dpa noted that the online presences of Magdeburg and Halberstadt were also affected. Administrative work itself was not impaired. By the afternoon the sites of the Burgenlandkreis and Lützen were reachable again, although the Lützen press spokesperson Camilo Rodriguez described the initial restoration as “not completely smooth.”
The service provider’s report of unusually high access volumes enabled the identification of the attack traffic. Following detection, the abnormal traffic subsided and normal access to the affected municipal websites was restored by the afternoon. No data loss was recorded, and the administrations confirmed that their internal operations continued without disruption throughout the incident.