Cyber Incident Victim: Mecklenburg–Western Pomerania
Date:
May 2024
Location:
Germany
Summary
A cyberattack disrupted government and police websites in Mecklenburg–Western Pomerania, causing partial outages and limited access to state government, police, and domestic intelligence agency portals. The IT service provider for the state confirmed the incident involved distributed denial-of-service (DDoS) attacks overwhelming servers with excessive traffic, mirroring previous attack patterns attributed to a Russian-linked group. Technical specialists worked to contain additional attack waves, though authorities warned of potential ongoing disruptions. The impacted systems primarily affected specialized departmental pages hosted by the state's data processing center, with similar infrastructure targeted in prior incidents.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On May 23, 2024, hackers disrupted the websites of the Mecklenburg-Western Pomerania state government and police, causing significant accessibility issues. Multiple online platforms operated by the state government, state police, and domestic intelligence service (Verfassungsschutz) experienced partial outages starting Thursday morning, as confirmed by officials in Schwerin. State Digitalization Minister Christian Pegel (SPD) stated that initial analyses quickly identified the incidents as distributed denial-of-service (DDoS) attacks, where perpetrators overwhelm servers with massive artificial traffic volumes. The attack methodology closely resembled previous cyber incidents targeting the same entities in April and November 2023. Historical context from the state interior ministry indicated a Russian hacker group had claimed responsibility for the November 2023 attacks. All affected websites are maintained by the regional IT service provider Datenverarbeitungszentrum (DVZ) M-V, with specialized departmental portals suffering the most severe disruptions. Technical teams worked intensively to contain additional attack waves, though authorities warned that further disruptions remained likely during the immediate response phase.
This incident continues a pattern of cyber assaults against Mecklenburg-Western Pomerania's digital infrastructure, with November 2023 attacks primarily targeting state police websites and April 2023 incidents affecting multiple German federal states including this region. The latest attack prompted coordinated mitigation efforts through DVZ M-V's technical personnel, who prioritized restoring critical government services while implementing defensive measures against ongoing malicious traffic. Minister Pegel emphasized that while response teams operated under high pressure to minimize operational impacts, citizens and stakeholders should anticipate potential continued service limitations due to the persistent threat of follow-up attacks. No data breaches or system infiltrations beyond the DDoS disruptions were reported in this incident, contrasting with some previous cyber campaigns against German public sector entities. The recurrence of similar attack vectors within eighteen months underscores the operational challenges facing regional authorities in maintaining resilient web services against increasingly frequent large-scale DDoS operations.