Cyber Incident Victim: Landesregierung Mecklenburg-Vorpommern
Date:
Apr 2023
Location:
Germany
Summary
The Landesregierung Mecklenburg-Vorpommern reported that its online portals, including ministry sites, the police public homepage and the MV‑Serviceportal, became inaccessible after a surge of traffic identified as a distributed denial‑of‑service attack. The state’s IT service provider DVZ MV and its computer emergency response team CERT MV launched a task force, notified the Federal Office for Information Security, blocked early‑identified attackers and implemented further defenses. A Russian cyber group claimed responsibility on social media. While the police intranet remained operational, the online police report desk was temporarily unavailable, though emergency services could still be reached via the usual number.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On the morning of April 4, 2023, users attempting to access several internet sites of the Mecklenburg-Vorpommern governmental portal found them unreachable. The affected sites included the online presences of various state ministries, the public homepage of the Landespolizei, and the MV-Serviceportal. All of these services are provided and technically maintained by the Landes IT-Dienstleister, the Datenverarbeitungszentrum (DVZ) M-V. IT specialists from the DVZ and the Landes Computer Emergency Response Team (CERT M-V) observed a marked increase in request traffic early that day. Initial analysis indicated that the surge was consistent with a distributed denial-of-service attack intended to overload the servers. In response, a task force was convened and the Bundesamt für Sicherheit in der Informationstechnik (BSI) was informed of the incident.

The specialists continued to work intensively to clarify the sequence of events and to block further attack waves. They reported having identified and blocked early attackers and having deployed additional technical measures to mitigate the ongoing traffic. According to information from CERT M-V, a Russian cyber‑group claimed responsibility for the attack on social‑media channels. The interior ministry confirmed that the police intranet, which supports internal police operations, was not affected by the incident. Consequently, police personnel remained fully operational at local stations and reachable by telephone, with only the online wache for filing reports temporarily unavailable. For emergencies, citizens were advised to continue using the standard emergency number 110.
