Cyber Incident Victim: Wiesbaden, Hesse, Germany
Date: Jan 2023
Location: Germany
Summary
A Russian hacktivist group known as Killnet conducted distributed denial-of-service (DDoS) attacks against multiple German websites, including federal government portals and Hamburg Airport's online presence, in apparent retaliation for the country's military support to Ukraine. The attacks temporarily disrupted website accessibility but caused no operational impacts or data breaches, with German cybersecurity authorities confirming successful mitigation efforts. Killnet publicly claimed responsibility via Telegram, issuing threats against Germany while framing the attacks as part of broader opposition to Western arms deliveries. The group has historical ties to other Russian-aligned cyber entities and specializes in politically motivated DDoS operations that typically target public-facing infrastructure without penetrating internal systems.
Description
On January 25, 2023, Russian hacker group Killnet executed distributed denial-of-service (DDoS) attacks against multiple German websites, including the federal government’s online portal and Hamburg Airport’s site. The group publicly claimed responsibility via a Telegram post, framing the attacks as retaliation for Germany’s decision to supply Leopard 2 tanks to Ukraine. The Bundesamt für Sicherheit in der Informationstechnik (BSI) confirmed the incidents, characterizing them as volumetric attacks that overwhelmed servers with artificial traffic, causing temporary outages. While some federal administration sites experienced disruptions, the BSI noted most attacks were mitigated, and no evidence suggested compromised internal systems or data exfiltration. The agency emphasized that standard defensive measures prevented significant operational impacts, with no direct effects on critical services observed. Concurrently, the Bundesanstalt für Finanzdienstleistungsaufsicht (BaFin) reported no breaches of its systems but maintained heightened alert status and coordination with external partners.

Killnet, self-identified as a "hacktivist" collective, has historically targeted nations opposing Russia’s invasion of Ukraine, including a 2022 DDoS campaign against Lithuania over transit restrictions to Kaliningrad. Their Telegram statements explicitly threatened Germany for its military aid to Ukraine, vowing to "make life difficult" through available cyber means. Cybersecurity firm Mandiant linked Killnet to Xaknet, another group accused of infiltrating Ukrainian entities and allegedly tied to Russian intelligence. The incident occurred amid broader cyber hostilities, including Anonymous’ declaration of "cyber war" against Russia in 2022. DDoS attacks, while disruptive to public-facing websites, typically leave backend infrastructure unaffected, aligning with the BSI’s assessment of limited technical consequences. Russian authorities routinely deny collusion with such groups despite Western allegations of state-sponsored cyber operations.
