Cyber Incident Victim: Landratsamt Kelheim
Date:
Jan 2024
Location:
Germany
Summary
A cybersecurity incident prompted the Landratsamt Kelheim to disconnect its internet as a precautionary measure, disrupting vehicle registration services, phone communications, email, and online applications across connected municipalities. While internal work continued partially, most public-facing operations were halted, though some towns maintained limited phone or fax access. IT specialists identified indicators of a potential cyberattack and deployed security software for analysis, with no data loss reported due to external backups. Restoration efforts prioritized reactivating the shared administrative network, which resumed for most municipalities by afternoon, enabling email and internet access. The Landratsamt continued system inspections over the weekend, anticipating full telephone service restoration by Monday afternoon.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 0 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
The incident began on January 31, 2024, when the Landratsamt Kelheim became unreachable via email. By February 1, the agency preemptively disconnected its internet connection following indications of a potential cyber attack, as IT specialists identified anomalies suggesting unauthorized access. This precautionary measure aimed to isolate local systems for forensic examination while preventing further compromise of the interconnected municipal network serving all cities and communities within Kelheim district. Internal operations at the Landratsamt remained partially functional, but critical public-facing services—including vehicle registrations, phone communications, email processing, and online application systems—were suspended. IT teams deployed security software to scan for malware and initiated damage assessments, though a comprehensive analysis of the attack’s origin and methodology was deferred until systems were stabilized. By 16:00 on February 1, the communal administrative network was restored, enabling municipalities to resume internet access and email communications, while the Landratsamt planned extended internal system checks through the weekend with an expectation of restoring phone services by February 5.
The disruption propagated across the district’s interconnected infrastructure, variably impacting local governments. Kelheim’s city administration reported limited IT functionality but maintained telephone and fax services, while Abensberg experienced complete email outages. Langquaid documented widespread IT failures affecting citizen services, finance, construction, and personnel departments, though data remained secure on external backups. Neustadt’s mayor confirmed continued email submissions for deadline compliance despite delivery delays. Vehicle registration offices canceled most appointments, permitting only pre-processed driver’s license pickups, and urgent requests were redirected to neighboring jurisdictions. Schools experienced milder disruptions compared to administrative hubs. No data loss or police involvement was reported during the initial response phase, with recovery efforts prioritizing network stabilization and incremental service restoration across affected entities.