Cyber Incident Victim: Frankfurter University of Applied Sciences
Date:
Jul 2024
Location:
Germany
Summary
The Frankfurter University of Applied Sciences experienced a serious cyberattack, prompting immediate security measures including disconnecting external access and shutting down IT systems. This resulted in widespread disruptions: online services and the official website became unavailable, elevators were disabled for safety, and enrollment processes were halted. The institution is communicating updates via maintenance pages and social media while maintaining in-person classes. Authorities, including police, are involved in the investigation, though restoration timelines remain unclear. The incident follows a pattern of recent cyberattacks targeting regional academic institutions, though no data compromise specifics were confirmed in this case.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On July 6, 2024, at approximately 20:00 local time, unidentified attackers breached portions of the IT infrastructure at Frankfurt University of Applied Sciences (UAS). The university administration confirmed the incident on Monday, July 8, characterizing it as a "serious hacker attack" despite existing high-security measures. In response, UAS immediately isolated affected systems by blocking external access to IT resources and deactivating multiple services as a containment measure. This action rendered the institution's official website inaccessible and disrupted online enrollment processes. Physical building elevators were also disabled as a precautionary security step, though on-campus instruction continued without interruption. The university communicated updates through a maintenance page, LinkedIn, Facebook, and internal campus network notifications while primary communication channels remained offline. Law enforcement and relevant authorities were notified, though the attackers' identity, methods, and objectives remained unspecified at the time of reporting.
The cyberattack caused widespread operational disruptions, including the prolonged unavailability of critical online services and internal systems. University stakeholders faced communication challenges due to the inaccessibility of standard email and web platforms, relying instead on alternative channels for incident updates. No timeline was provided for full service restoration, leaving administrative processes like student enrollments in limbo. The incident followed a pattern of recent cyberattacks targeting Hessian academic institutions, including a May 2024 breach at Wiesbaden Police University involving sensitive data theft, a prior email leak at Universitätsmedizin Mainz, and an October 2023 ransomware attack on Frankfurt University Hospital that forced manual billing processes. UAS did not disclose whether data exfiltration occurred or specify which IT components were compromised beyond confirming partial infrastructure access by the threat actors.