Cyber Incident Victim: Enercon
Date:
Apr 2023
Location:
Germany
Summary
A distributed denial-of-service (DDoS) attack targeted Berlin's government service portal, causing significant slowdowns and temporary disruptions to public services and police communications platforms. The incident, described as the largest cyberattack on the city's administrative web infrastructure, formed part of a broader campaign affecting multiple German states including Brandenburg, Schleswig-Holstein, and Saarland, with additional disruptions reported in Mecklenburg-Vorpommern, Saxony-Anhalt, and Lower Saxony. While officials confirmed no data theft or infiltration of internal networks occurred, some regional police services required extended downtime for security enhancements. Unverified claims from a pro-Russian hacker group circulated regarding responsibility, with cybersecurity experts noting increased Russian-linked activity following Western support for Ukraine, though definitive attribution remained unconfirmed at the time.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On April 5, 2023, Berlin authorities confirmed the resolution of a significant distributed denial-of-service (DDoS) attack targeting the Berlin.de service portal, which hosts digital services and information for citizens and government agencies. The attack commenced on April 4 shortly after 8:00 AM, flooding servers with excessive traffic to deliberately overload systems, resulting in severe slowdowns of the portal. By April 5, operations had largely normalized, though residual technical disruptions from defensive measures remained possible. Berlin’s State Secretary for Digital Affairs, Ralf Kleindiek, characterized this as the largest cyberattack to date against Berlin’s state administration websites, noting it formed part of a coordinated nationwide assault on German infrastructure. The attack impaired public access to essential services, including the Berlin Police’s ability to publish online announcements. Authorities confirmed no infiltration of internal state networks occurred, with no evidence of data exfiltration or theft, affirming the effectiveness of existing security protocols.
The incident extended beyond Berlin, affecting multiple German states. Brandenburg’s police services experienced prolonged disruptions, disabling online crime reporting and fine inquiries until at least April 5, with restoration efforts prioritized before Easter holidays. Schleswig-Holstein’s state portal faced inaccessibility, while Saarland, Mecklenburg-Vorpommern, Saxony-Anhalt, and Lower Saxony reported similar service interruptions to government and police websites. Brandenburg police cited unverified social media claims by a pro-Russian hacker group regarding responsibility, though investigations by state criminal offices focused on computer sabotage allegations without confirming perpetrator identities. Technical modifications were implemented across affected systems to prevent recurrence, emphasizing protocol adjustments over infrastructure breaches. Cybersecurity experts noted contextual parallels to Russia-aligned activity following Western support for Ukraine but cautioned against definitive attribution absent investigative conclusions.