
Cyber Incident Victim: Chemnitzer Verkehrsbetriebe

Date: May 2023

Location: Germany

Summary

A cyber incident disrupted operations for the Chemnitzer Verkehrsbetriebe, affecting the websites of its City-Bahn and CVAG divisions due to suspected unauthorized system access. The outage began overnight and persisted for multiple days, rendering online services inaccessible with error messages; administrators proactively took the sites offline during the investigation. While the primary platforms remained nonfunctional, customers could still access schedule information through an alternate regional transport association website. The organization confirmed the disruption stemmed from a potential cyberattack but did not specify operational impacts beyond web service unavailability.


Description

The incident affecting the Chemnitzer Verkehrs-AG (CVAG) and Chemnitzer City-Bahn began in the early hours of Saturday, May 13, 2023, when unauthorized access to the organizations' systems was detected. This led to the immediate unavailability of both entities' public-facing websites, with error messages indicating service disruption persisting through at least Monday morning, May 15. CVAG representatives publicly confirmed suspicions of a cyberattack following forensic assessment, citing "unauthorized access to CVAG systems" as the root cause. In response, the organizations proactively disabled their websites to contain potential threats and prevent further unauthorized activity. Technical teams initiated investigations to determine the scope of compromise, though restoration timelines remained uncertain days after initial detection.

The cyber incident exclusively disrupted digital services under CVAG and City-Bahn administration, specifically their primary websites. Third-party platforms like the Verkehrsverbund Mittelsachsen site remained operational, allowing customers to access timetable information through alternative channels. No operational disruptions to physical transit services were reported, indicating the attack primarily impacted informational systems rather than industrial control infrastructure. Organizational spokespersons emphasized the preventive nature of the website takedowns but provided no specifics regarding data compromise, attack vectors, or responsible threat actors. Recovery efforts focused on securing systems before restoring public access, with no resolution timeframe communicated publicly by May 15. The prolonged outage suggested significant forensic requirements or remediation complexity following the breach.
