Cyber Incident Victim: Frankfurter Entsorgungs- und Service GmbH
Date:
Jun 2022
Location:
Germany
Summary
A cyberattack targeting a shared IT service provider disrupted operations at multiple organizations, including Frankfurter Entsorgungs- und Service-Gruppe (FES). The company preemptively disconnected all servers linked to the compromised provider, causing temporary outages in online services such as bulk waste registration and customer portal access. Core municipal services—including waste disposal, street cleaning, and incineration plant operations—remained fully functional, with no compromise of customer data reported. The incident's resolution timeline depended on the provider's data center restoration efforts in Darmstadt. Other affected entities using the same IT infrastructure experienced similar disruptions to public-facing websites and email systems, though critical infrastructure like energy and water networks remained isolated and unaffected.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 5 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On June 12, 2022, the Frankfurter Entsorgungs- und Service-Gruppe (FES) became affected by a cyberattack targeting a shared IT service provider utilized by multiple municipal service companies in the region. The incident originated at an external IT service provider based in Darmstadt, which also supported Entega, a Darmstadt-based energy utility, and Mainzer Stadtwerke, a municipal utility group in Mainz. FES preemptively disconnected all servers linked to the compromised provider upon discovering the breach, as announced by the City of Frankfurt on June 13. This containment measure aimed to prevent potential lateral movement of the attackers within FES systems. The attack disrupted FES's customer-facing digital services, including online registration for bulky waste collection and access to its citizen customer portal, though core operational services like waste management, street cleaning, and operations at the Müllheizkraftwerk waste incineration plant remained fully functional.
The incident impacted multiple organizations sharing the same IT infrastructure provider. Mainzer Stadtwerke experienced outages affecting public websites for Mainzer Mobilität (public transport) and Taubertsbergbad swimming pool, along with internal email server inaccessibility. Entega reported compromised email accounts for its 2,000 employees and website disruptions. All three entities confirmed their critical infrastructure systems—including FES’s waste processing, Mainzer Stadtwerke’s energy/water networks, and Entega’s power/gas/water supply—remained isolated from the attack due to segregated protective measures. No customer data breaches occurred at FES or the other affected organizations. Recovery timelines depended on the Darmstadt-based IT provider’s restoration progress, with FES emphasizing its preparedness for such incidents. Investigators from the Hessian State Criminal Police Office had not identified the attackers or their motives at the time of reporting.