Cyber Incident Victim: Enercon

On October 12, 2023, multiple German cities, including Dortmund and Cologne, experienced distributed denial-of-service (DDoS) cyberattacks targeting their public web servers. The incident began around 8:30 AM when Dortmund's municipal homepage became inaccessible due to overwhelming traffic volumes. Attackers utilized botnets to flood dortmund.de with tens of thousands of requests per second from constantly changing IP addresses, deliberately overloading the server's capacity. Cologne's systems simultaneously faced similar malicious traffic patterns, characterized by coordinated attempts to disrupt service availability through artificially inflated request volumes. Municipal authorities confirmed the attacks constituted intentional overload attempts rather than data breaches, with no evidence of compromised internal networks or administrative IT systems. Both cities emphasized that sensitive data remained unaffected despite the sustained bombardment targeting public-facing web infrastructure.

Dortmund's hosting provider collaborated with external cybersecurity experts to implement countermeasures against the ongoing attack, which remained active at the time of reporting. Cologne's IT teams successfully restored partial functionality to their homepage through initial defensive actions, though the attack against their servers continued. Municipal communications described the incidents as part of a broader pattern affecting urban centers nationwide, with Nuremberg, Dresden, and Hanover reporting comparable DDoS disruptions on the same date. The coordinated nature of these geographically dispersed attacks suggested a synchronized targeting methodology focused on crippling municipal web services. Technical responses prioritized traffic filtering and infrastructure resilience while authorities monitored for extended impacts on citizen-facing digital services.