Menu
Browse

Cyber Incident Victim: Circ IT

Date:

Jun 2023

Location:

Germany

Summary

A cyberattack on the IT service provider Circ IT disrupted the online platforms of a German media group, leaving several of its news websites largely inaccessible while ePaper editions remained reachable. The attackers reportedly used a supply‑chain compromise to affect the sites of the group’s newspapers, causing limited functionality and a temporary reduction in news updates. Investigations found no evidence that user data were accessed, and the organization has brought in external security experts to restore normal operations.

CIA Posture Motives Tactics, Techniques & Procedures
Available to members 1 motive 1 technique
Threat Actors Type Location
0 actors Available to members Available to members

Description

On the early evening of Friday, June 16, 2023, a cyber attack was directed at Circ IT, the in‑house IT service provider of the Rheinische Post Mediengruppe. The attack triggered technical problems that propagated to the news websites operated by the media group. According to the heise online report, the affected outlets included the Rheinische Post (rp-online.de), the Saarbrücker Zeitung (with the Pfälzischer Merkur), the Aachener Zeitung and Aachener Nachrichten, the Generalanzeiger Bonn, the Trierischer Volksfreund and the Wuppertaler Rundschau. The disruption was described as a supply‑chain attack, with the perpetrators gaining access to Circ IT and using that foothold to impair the downstream services. At the time of the report, the Circ IT systems were not reachable, indicating that the compromise had disrupted the provider’s own operations.

Cyber Incident Image

As a result, the websites of the affected newspapers were either completely unavailable or only accessible in a severely limited state, displaying a brief notice about a general disturbance. In several instances, the ePaper editions of the newspapers remained reachable, and some outlets attempted to provide a reduced news overview on subordinate pages. The Rheinische Post Mediengruppe stated that, aside from the loss of revenue caused by the outage, no further damage had been detected. A company spokesperson confirmed that, based on the current assessment, no user data had been accessed by the attackers. To address the incident, the media group engaged external IT‑security specialists to assist with investigation and recovery. The organization reported that it was working to restore normal operations and to return to a secure operating state. The heise online article, dated June 16, 2023, cited a tagesschau.de report as the source of these details.

Sources
Sources available to members
1 source