Cyber Incident Victim: Die Senatorin für Gesundheit, Frauen und Verbraucherschutz
Date: Feb 2025
Location: Germany
Summary
A series of cyberattacks targeted Bremen authorities over four months, including multiple unsuccessful distributed denial-of-service (DDoS) attempts against the Senator for Health, Women, and Consumer Protection and other departments. The only successful DDoS attack overwhelmed police website servers with 18,000 requests per minute, causing partial inaccessibility across Bremen's administrative websites for approximately 90 minutes before mitigation. The pro-Russian group NoName057(16) claimed responsibility, consistent with its pattern of disrupting supporters of Ukraine. Separately, phishing compromised two education department email accounts, which were then used for spam distribution, while earlier botnet attacks manipulated contact forms for mass spam. Authorities confirmed no data theft occurred during the DDoS incidents but acknowledged prior breaches, while denying any targeted campaign against Bremen specifically.
Description
Between January and February 2025, Bremen authorities experienced five distinct cyber incidents targeting their digital infrastructure. The first recorded attacks occurred in January against the websites of the Senator for Health, Women, and Consumer Protection (Die Senatorin für Gesundheit, Frauen und Verbraucherschutz) and the Economic Promotion Department. These initial attempts employed Distributed Denial-of-Service (DDoS) methodologies, flooding servers with excessive simultaneous requests to overwhelm capacity. Both January attacks proved unsuccessful, causing no operational disruptions or service degradation. The techniques mirrored those later deployed against Bremen Police on February 12, when attackers directed approximately 18,000 requests per minute at the police website's contact form, exceeding server capacity. This sustained bombardment caused partial or complete inaccessibility of Bremen's entire administrative web presence between 07:00 and approximately 08:30 local time. While the active attack persisted until evening, mitigation efforts by IT service provider Dataport restored partial functionality within two hours through identification and deactivation of the compromised contact form and local search features as primary attack vectors.

The pro-Russian hacker collective NoName057(16) claimed responsibility for the February 12 DDoS incident, aligning with their established pattern of targeting Ukrainian allies' government infrastructure. Germany's Federal Office for Information Security (BSI) issued an attack warning to Bremen authorities at 09:00 during the ongoing disruption. Forensic analysis revealed no evidence of data exfiltration, compromise, or loss during this incident. In response, Dataport implemented a software update in late February introducing automated request throttling and functional deactivation protocols for internal search features and contact forms during abnormal traffic surges. Separate cybersecurity events occurred concurrently, including a late-February phishing campaign that compromised two email accounts within Bremen's School Administration, enabling spam distribution from official addresses. A December 2024 botnet spamming incident had previously manipulated contact forms across multiple websites for mass spam dissemination. Bremen's Senate assessed no operational or tactical linkages between these five cyber events, characterizing them as opportunistic rather than specifically targeted attacks against Bremen's administrative infrastructure.
