Cyber Incident Victim: Wiesbaden, Hesse, Germany
Date:
Feb 2023
Location:
Germany
Summary
Websites of several German airports experienced temporary disruptions due to suspected distributed denial-of-service (DDoS) attacks, temporarily taking seven online portals offline while leaving core operational systems unaffected. The incident primarily impacted regional facilities, including those in Dusseldorf, Nuremberg, and Dortmund, though major hubs maintained normal website functionality. The attacks occurred amidst unrelated IT failures at a national airline but did not demonstrate broader technical compromise beyond targeted webpage accessibility. Aviation authorities noted the intent appeared consistent with typical hacktivist disruption tactics rather than advanced intrusion attempts.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On February 16, 2023, the websites of seven German airports became inaccessible due to suspected distributed denial-of-service (DDoS) attacks, as confirmed by the German airport association ADV. Among the affected airports were those in Düsseldorf, Nuremberg, and Dortmund, though the websites of Germany’s largest airports in Frankfurt, Munich, and Berlin remained operational. ADV Chief Executive Ralph Beisel characterized the incident as another wave of large-scale DDoS attacks targeting airport infrastructure, noting that the websites experienced temporary downtime. The attacks involved flooding targeted servers with overwhelming internet traffic, a technique commonly associated with hacktivist groups seeking to disrupt services without breaching systems. No additional airport systems, such as flight operations or passenger processing infrastructure, were compromised during the event. The incident occurred amid heightened scrutiny of aviation IT resilience following a separate, unrelated Lufthansa IT failure the previous day that stranded thousands of passengers.
Beisel indicated that while the immediate impact was limited to temporary website outages, authorities remained uncertain whether the disruptions would spread to additional locations. The attacks exclusively targeted public-facing websites, preventing travelers from accessing flight information or airport services online but causing no direct operational disruptions to air traffic or security systems. ADV's statement provided no specifics regarding mitigation measures beyond confirming the temporary nature of the outages and the isolation of the attacks to web services. The incident mirrored common DDoS patterns observed in prior attacks against German infrastructure, where hacktivists leverage readily available tools to generate disruptive traffic volumes. At the time of the report, investigations into the attacks’ origin or potential attribution remained ongoing, with no claims of responsibility documented in public sources. The association did not disclose whether law enforcement or cybersecurity agencies had been formally engaged to investigate the disruptions.