Cyber Incident Victim: Landesregierung Mecklenburg-Vorpommern
Date:
Aug 2023
Location:
Germany
Summary
Hackers launched a distributed denial‑of‑service campaign against the online presence of the Landesregierung Mecklenburg-Vorpommern, overwhelming the servers of its ministries, subordinate agencies, the police homepage and the MV service portal with a surge of requests. The attacks were detected by the state’s IT service provider DVZ and its computer emergency response team CERT M-V, which activated alerts and confirmed that existing defenses kept the impact minimal. Officials warned that further waves could occur over the weekend and said specialists would remain on standby to respond if needed.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On Thursday morning, IT security experts of the Mecklenburg-Vorpommern state government detected a significant increase in traffic to various government websites. The affected sites included the webpages of several ministries and subordinate authorities, the public homepage of the state police, and the MV-Serviceportal. These services are hosted and maintained by the state's IT service provider, the Datenverarbeitungszentrum (DVZ) MV. The IT specialists of DVZ and the Computer Emergency Response Team CERT M-V observed a strongly elevated volume of requests arriving at the servers. Initial analysis indicated that the traffic surge was consistent with a distributed denial-of-service (DDoS) attack aimed at overloading the infrastructure. Upon recognizing the pattern, DVZ and CERT M-V were placed into an alert status to monitor the situation closely.

By early afternoon, the security measures implemented by the IT teams were observed to be functioning effectively. The incoming attack traffic was largely mitigated, resulting in the disruption being minimal and the websites remaining accessible to users. No reports of data breach or service outage were mentioned in the source material regarding the impact of the attack. The incident was described as the largest cyberattack on state administration websites in Mecklenburg-Vorpommern up to that point, although the defensive actions prevented significant harm. The response involved continuous coordination between DVZ, CERT M-V, and the state government's IT security personnel. Logs and traffic analysis were used to distinguish legitimate user requests from malicious traffic in real time.
The responsible minister noted that while the current attack had been largely ineffective, the possibility of a renewed attack wave over the upcoming weekend could not be excluded. Consequently, the minister announced that the specialized IT security teams would remain on alert and prepared to react immediately should further malicious activity be detected. This stance underscored an ongoing commitment to maintain heightened vigilance against potential future threats to the state's online services. No additional technical details about the attackers, their origins, or specific tools used were provided in the article. The narrative concludes with the statement that the state's cyber defense posture remained active following the incident.
