Cyber Incident Victim: Stadt Halberstadt
Date:
Jul 2025
Location:
Germany
Summary
The city administration of Halberstadt experienced a distributed denial‑of‑service attack that overwhelmed its internet portal with traffic from changing IP addresses, rendering the site inaccessible for several hours. The attack was detected in the morning and the service provider restored normal availability by mid‑afternoon. Internal systems remained secure, with no evidence of data compromise or intrusion, and the incident was reported to CERT Nord as part of a broader coordinated effort affecting multiple municipal websites in the region.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 0 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On Tuesday, 29 July 2025, the internet portal of the Halberstadt city administration became inaccessible for several hours due to a targeted cyber‑attack on the technical infrastructure of the service provider that hosts the site. The attack was identified as a Distributed Denial of Service (DDoS) assault, in which the web server was flooded with a massive volume of automated requests originating from constantly changing IP addresses. The objective of such an attack is to disrupt the availability of the service rather than to infiltrate systems or exfiltrate data. The city’s IT department detected the incident at approximately 08:15 hours.
Upon detection, the municipal IT team immediately notified the responsible service provider, which promptly initiated defensive measures and began work to restore accessibility. By around 15:00 hours the city’s website was again regularly available to users. Regional media reports indicated that the DDoS activity was part of a coordinated action affecting multiple municipal internet presences across Saxony‑Anhalt. Throughout the incident, the internal IT systems of Halberstadt’s administration remained unaffected and were never at risk.
Joint assessments conducted with the service provider have so far revealed no evidence of a compromise or any data outflow from the affected systems. In accordance with standard procedures, the city administration reported the attack to the Computer Emergency Response Team North (CERT Nord). Further steps will be coordinated closely with the service provider and the relevant security authorities.