Cyber Incident Victim: Enercon

Date: Oct 2023

Location: Germany

Summary

The city of Nürnberg experienced a sustained DDoS attack targeting its public web portal, causing extended service disruptions for residents. Attackers leveraged botnets to flood external servers with hundreds of thousands of requests per minute, overwhelming infrastructure and rendering online services inaccessible. While the main website was partially restored, mitigation efforts required continuous adaptation as attackers persistently shifted between new servers and IP addresses to maintain offensive pressure. Municipal authorities confirmed no data compromise or ransomware demands occurred, emphasizing operational impacts were limited to service availability rather than system infiltration. IT teams and hosting providers collaborated on defensive measures throughout the incident, though residual instability remained possible during recovery.

CIA Posture: Available to members
Motives: 2 motives
Tactics, Techniques & Procedures: 1 technique

Threat Actors: 0 actors
Type: Available to members
Location: Available to members

Description

On October 12, 2023, the city of Nürnberg experienced a sustained cyberattack targeting its public-facing internet portal, nuernberg.de. The incident began at approximately 8:30 AM local time when the website became unreachable due to overwhelming traffic volumes. Initial analysis confirmed a distributed denial-of-service (DDoS) attack leveraging botnets to flood the city’s external servers with hundreds of thousands of simultaneous requests per minute. This technique aimed to cripple online services by overloading infrastructure rather than stealing data. Municipal IT teams and external server operators immediately initiated countermeasures, though service restoration faced significant challenges due to the attackers’ dynamic tactics. By the afternoon, limited access to the website was restored, though officials cautioned that intermittent disruptions might persist.

The attack continued throughout the day with hackers frequently switching commandeered servers and IP addresses to launch renewed assaults, described by city spokespersons as a "Sisyphus task" to mitigate. Despite partial stabilization of systems, recurring waves of traffic from new sources required constant defensive adjustments. Municipal experts confirmed no compromise of internal administrative networks or sensitive data, isolating the impact to public service disruptions. Officials publicly ruled out ransom payments to attackers, emphasizing no direct extortion demands had been received. Forensic efforts to trace the attack’s origin proved inconclusive due to the distributed nature of the botnets, with traffic originating from geographically diverse endpoints. Ongoing collaboration between city IT staff and infrastructure providers maintained conditional website functionality amid persistent but diminishing attack volumes by the evening of October 12.
