Cyber Incident Victim: Bayerische Staatsregierung

On February 13, 2025, the Bavarian State Government experienced a cyberattack targeting its digital infrastructure, specifically affecting the State Chancellery and the State Ministry for Digital Affairs. The attack, identified as a distributed denial-of-service (DDoS) incident, rendered several government websites temporarily inaccessible, though full functionality was restored without prolonged disruption. Authorities from the Bavarian State Office for Security in Information Technology attributed the incident with high probability to "pro-Russian hacktivism," though no specific threat actor group was named. Technical analysis confirmed no data exfiltration, encryption, or permanent damage occurred during the breach. Concurrent irregularities were reported on the Bavarian Police’s online presence, though the extent remained unspecified. The disruption also impacted external entities, including the Munich District Office and the City of Garching’s websites, which remained offline for approximately one day.

The State Criminal Police Office (LKA) initiated an investigation but could not confirm whether the timing correlated with the Munich Security Conference occurring that week. Following forensic examination by cybersecurity personnel, the case was formally transferred to law enforcement for criminal prosecution. All affected systems resumed normal operations after mitigation measures were implemented. No public statements attributed responsibility for the attack, and authorities did not disclose technical specifics of the DDoS vectors or mitigation techniques employed. The incident remained under active investigation at the time of reporting, with no further updates on attribution or additional compromised entities.