Cyber Incident Victim: Hochschule Ansbach
Date:
Oct 2022
Location:
Germany
Summary
A cyberattack targeted Hochschule Ansbach's central server in the early morning hours, prompting an immediate response from its IT service to isolate the affected system and prevent significant damage. The incident disrupted multiple services including the Moodle learning platform, Zoom conferencing software, and PRIMUSS campus management tool, while also blocking access to computer pools and forcing cancellations of virtual seminars; public Wi-Fi remained accessible. Investigations by the State Criminal Police Office and the State Data Protection Authority are ongoing, with restoration of normal operations anticipated the following week pending official progress.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 6 motives | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On October 20, 2022, the Hochschule Ansbach experienced a cyberattack targeting its central server during the early morning hours, specifically shortly after 3:00 AM. An unidentified attacker compromised the server, prompting the institution to shut down multiple critical services to contain the breach. Affected systems included the Moodle learning platform, Zoom conferencing software, and the PRIMUSS campus management tool, disrupting academic and administrative operations. The university's IT service team responded rapidly by isolating the compromised server, a containment measure intended to prevent broader damage to the network. As a precaution, all login access for students and staff was immediately suspended, blocking entry to computer pools and forcing the cancellation of some virtual seminars. While internal systems remained inaccessible, the public Bayern-WLAN network provided alternative internet connectivity. A university spokesperson confirmed the attackās focus on the central server but indicated no evidence of extensive data compromise at that stage.
The incident triggered investigations by the State Criminal Police Office (Landeskriminalamt) and the State Data Protection Commissioner (Landes-Datenschutzbeauftragter), reflecting concerns over potential data breaches and operational integrity. Markus Paul, the university's Vice President, stated that full service restoration depended on the progress of these official investigations, with hopes of resuming normal operations by the following week. Immediate consequences included prolonged unavailability of academic platforms, restricted access to campus computing resources, and disruptions to scheduled virtual classes. No ransomware claims or specific attacker motives were disclosed in initial reports. The university maintained public communication through press statements but did not disclose technical details about the attack vector or whether data exfiltration occurred. Recovery efforts remained contingent on forensic findings and regulatory approvals as of the reporting date.