Menu
Browse

Cyber Incident Victim: Deutsche Bischofskonferenz

Date:

Feb 2025

Location:

Germany

Summary

The IT systems of the German Bishops' Conference Secretariat fell victim to a sophisticated cyberattack attributed to a group associated with organized cybercrime. Emergency protocols were activated immediately upon detection, involving disconnection from the internet, notification of investigative authorities and data protection officials, and engagement of external IT forensic specialists to determine how attackers circumvented multi-layered security systems. Ongoing investigations are assessing potential data exfiltration and impacts on email accessibility, with commitments to proactively inform affected parties if personal data breaches are confirmed.

CIA Posture Motives Tactics, Techniques & Procedures
Available to members 1 motive 3 techniques
Threat Actors Type Location
0 actors Available to members Available to members

Description

On February 10, 2025, the Secretariat of the German Bishops' Conference (Deutsche Bischofskonferenz) and the Association of Dioceses of Germany (Verband der Diƶzesen Deutschlands) experienced a professional cyberattack targeting their IT infrastructure. A group attributed to organized cybercrime claimed responsibility for the breach. The intrusion was detected late on Monday afternoon, triggering pre-established emergency protocols that included immediate isolation of affected systems from the internet. Authorities were promptly notified, including relevant law enforcement agencies and the Data Protection Commissioner. External IT forensic specialists were engaged to investigate the attackers' methods, particularly how they circumvented the organization's multi-layered security systems. The incident disrupted standard operational workflows due to the forced network disconnection.

Cyber Incident Image

Investigations focused on determining whether the threat actors successfully exfiltrated data from compromised systems, with no immediate confirmation of data theft. Email communications remained partially inaccessible as systems underwent forensic examination and remained offline. The Association of Dioceses committed to proactively notifying affected parties should forensic analysis confirm unauthorized access to personal data, adhering to statutory data protection obligations. No additional technical specifics regarding attack vectors, malware variants, or compromised system types were disclosed during the initial response phase. Recovery efforts proceeded alongside the criminal investigation, with no public timeline provided for full system restoration.

Sources
Sources available to members
1 source