Cyber Incident Victim: Abwasser- und Straßenreinigungsbetrieb Stadt Gifhorn
Date: Jul 2022
Location: Germany
Summary
A cyberattack disrupted the IT systems of a municipal wastewater and street cleaning service provider, initially limiting employee communication to phone calls before email functionality was restored. The organization's crisis management team, supported by external cybersecurity experts, worked to restore full operations by the end of the following week, though data recovery analysis remained ongoing. Critical infrastructure including the wastewater treatment plant—protected by an isolated network—and depot vehicles remained operational throughout the incident. The attack was detected overnight during routine system maintenance, prompting immediate containment measures.
Description
The cyberattack on Abwasser- und Straßenreinigungsbetrieb Stadt Gifhorn (ASG) was detected around 5:00 AM on July 26, 2022, during routine nighttime system maintenance by the organization’s IT support team. Immediate containment measures were initiated upon discovery, though the attackers had already compromised the EDV (electronic data processing) systems, disrupting internal operations and external communications. Employees initially reverted to telephone-only contact with customers due to email system inaccessibility, though email functionality was partially restored shortly afterward. The city engaged a specialized cybersecurity service provider to assist with incident analysis and crisis management, forming a dedicated crisis team within 24 hours under the leadership of First City Councillor Kerstin Meyer. This team worked continuously, including through the weekend, to methodically address system vulnerabilities and restore full operational capacity, targeting completion by the end of the following week.

Critical infrastructure components remained largely unaffected due to network segmentation. The wastewater treatment plant operated without disruption, as its isolated and resilient control systems were not breached. Similarly, ASG’s operational yard—housing street-cleaning vehicles, suction tankers, and sweepers—maintained full functionality. Forensic investigations focused on determining the attack’s origin, scope, and potential data compromise, with recovery efforts including possible data restoration from backups. Meyer acknowledged slower-than-expected progress in the initial days, citing the complexity of responsible analysis. Public updates were provided via ASG’s website, while city officials refrained from speculating about attacker identities or motives, emphasizing operational recovery priorities.
