
Cyber Incident Victim: Donau-Stadtwerke Dillingen-Lauingen

Date: Apr 2022

Location: Germany

Summary

A cyberattack targeted Donau-Stadtwerke DSDL, compromising internal IT networks and severely restricting digital access to technical facilities. Employees detected anomalies during operations, prompting management to notify police after confirming suspicions of malicious activity. Despite the compromise, manual control capabilities and segregated critical infrastructure networks ensured continuous utility services—including electricity, water, wastewater, heating, and internet—remained fully operational for customers without disruption.


Description

On April 18, 2022, employees at Donau-Stadtwerke Dillingen-Lauingen (DSDL) discovered disruptions to internal IT networks during routine operations on Easter Monday. Technical systems exhibited abnormal behavior, with digital access to operational technology severely restricted across affected infrastructure. The incident coincided with a separate cyberattack targeting Reitzner AG, another Dillingen-based company, though no explicit connection between the two events was established in available reports. DSDL personnel rapidly escalated concerns upon confirming persistent system irregularities, leading management to suspect a coordinated cyber intrusion. By midday, Werkleiter Wolfgang Behringer formally notified law enforcement authorities, initiating an official investigation into the operational disruptions. Initial assessments focused on isolating compromised systems while maintaining manual oversight of critical infrastructure components. The attack timeline suggests a concentrated effort targeting municipal service providers during a holiday period, potentially exploiting reduced staffing levels.


DSDL implemented pre-existing contingency measures to sustain service delivery despite network impairments. Manual control protocols for energy generation, water distribution, and wastewater management systems remained fully operational, preventing interruptions to electricity, heating, water supply, and internet services for customers. This continuity was achieved through physically segregated control networks that maintained independence from compromised administrative IT systems. Public communications emphasized stable infrastructure operations through redundant manual controls while forensic analysis of affected digital systems proceeded. No data exfiltration or ransomware demands were documented in available reporting. The coordinated response between technical staff and law enforcement focused on containing the intrusion while preserving evidentiary chains for subsequent investigation. Service reliability metrics indicated no measurable degradation in utility outputs throughout the incident response period.
