Cyber Incident Victim: IHK-GfI mbH
Date:
Aug 2022
Location:
Germany
Summary
A professional cyberattack targeted the IHK organization, prompting an immediate shutdown of IT systems as a preventive measure. The incident caused widespread disruption, rendering online services, websites, and digital platforms inaccessible across all affiliated chambers in Germany, while telephone and email communications were also severely impacted. Regional offices remained physically operational despite the outage. The organization's IT response team worked to gradually restore services by verifying system integrity before reactivation, though the exact nature of the attack remained unspecified. The coordinated response aimed to mitigate further risks while maintaining core functions through alternative channels.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 4 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On August 2, 2022, the IHK Gesellschaft für Informationsverarbeitung (GfI) detected suspicious cyber activities targeting the IT infrastructure of Germany's nationwide network of Industry and Trade Chambers (IHK). The attack was first observed during the afternoon hours, prompting immediate containment measures. By late evening, IHK GfI—the central IT service provider for all 79 regional IHK organizations—initiated a preventive shutdown of critical systems to disrupt the ongoing incident. This action affected digital services across all member chambers, though physical office locations remained operational. The coordinated response aimed to isolate compromised systems and prevent further unauthorized access.
The cyber incident caused widespread service disruptions starting August 3, with IHK websites, email systems, and telephone services becoming unreachable nationwide. Digital self-service portals and online transaction systems were rendered inoperable, forcing businesses to rely on in-person visits for essential services. Regional chambers in North Rhine-Westphalia, Lower Saxony, Bavaria, and Mecklenburg-Western Pomerania publicly confirmed infrastructure outages, though no geographical attack pattern emerged. IHK GfI technicians began systematically inspecting and reactivating services only after verifying their security integrity. While initial speculation suggested a potential DDoS attack, the nature of the compromise remained unconfirmed. The incident impacted approximately four million member companies reliant on IHKs for legal compliance, regional business representation, and government liaison services. Recovery efforts prioritized gradual restoration of verified clean systems over several days following the initial detection.