Cyber Incident Victim: Stadt Nürnberg

On Friday, 25 April 2025, at approximately 08:00, the municipal website of Nuremberg, www.nuernberg.de, became unreachable or only intermittently accessible. The city’s IT specialists immediately began fault analysis after the outage was observed. Initial communications from the city indicated that the disruption was caused by an external influence on the website’s public‑facing servers. The internal municipal IT infrastructure was explicitly stated to be unaffected by the incident. By mid‑morning, officials noted that there were indications pointing toward an external attack as the source of the service interruption. Subsequent analysis identified the incident as a Distributed Denial of Service (DDoS) attack, in which the web servers were flooded with a high volume of requests that exceeded their capacity to respond. This overload caused the service to be repeatedly denied to legitimate users. Interactive web services such as the site’s search engine and contact forms were especially impacted, while static informational pages experienced less severe disruption. In response, the city’s expert teams enacted immediate counter‑measures to mitigate the traffic flood. The attack was confined to the external web servers and did not involve any breach or compromise of the internal administrative networks.

By the afternoon of the same day, the city reported that the homepage had become reliably reachable again and that all online services were once more available to users. However, later updates indicated that certain interactive web services remained unavailable despite occasional successful access to the site, and the administration could not provide a reliable forecast for when full normal operation would be restored. The incident concluded with the website restored to unrestricted access, while the city continued to monitor for any residual effects.