Cyber Incident Victim: Polizei Niedersachsen

On the morning of April 4, 2023, a cyberattack targeted the internet services of the Polizei Niedersachsen (Lower Saxony Police). The incident was identified as a load-based attack directed at the organization's servers. This type of attack, commonly known as a Denial-of-Service (DoS) or Distributed Denial-of-Service (DDoS) attack, is designed to overwhelm a target's infrastructure with a flood of internet traffic, rendering its services unavailable to legitimate users. As a direct result of this offensive action, selected public-facing websites of the Polizei Niedersachsen became intermittently unreachable. The disruption began in the morning hours and persisted throughout the day.

The scope of the incident was specifically confined to the public internet presence of the police force. A spokesperson for the Lower Saxony Ministry of the Interior confirmed that the core operational and communication systems remained fully functional despite the attack on the external web servers. The fundamental communication links between different police stations and departments were not impaired. Crucially, the availability of the Onlinewache Niedersachsen, which is the force's online platform for citizens to file reports, was also completely unaffected and continued to operate without interruption. This delineation confirmed that the attack was solely aimed at causing public disruption and inconvenience rather than breaching sensitive internal networks.

Furthermore, the attack had no impact on the police force's internal IT systems. This separation between public-facing web assets and internal, secure networks was a critical factor in containing the incident's impact. Because the internal systems were never compromised, the spokesperson was able to state definitively that data security was not jeopardized at any point during the event. No sensitive law enforcement data, personal information, or internal operational details were accessed or exfiltrated. The integrity of all police data remained intact throughout the duration of the cyberattack.

Upon detection of the anomalous traffic and service disruption, response protocols were initiated. The technical teams worked at high pressure to mitigate the attack and restore full availability to the affected websites. The primary focus of the immediate response was on actively defending against the incoming malicious traffic and implementing countermeasures to neutralize the attack's effect on the servers. While these defensive technical actions were underway, the matter was formally escalated to the Landeskriminalamt (LKA) Niedersachsen, the state criminal investigation office. The LKA promptly initiated its own investigation into the source and nature of the attack, treating it as a criminal matter.

The incident was not isolated to Lower Saxony. On the same day, it was also reported that the official state portal websites of Sachsen-Anhalt (Saxony-Anhalt) were affected by a similar cyberattack. While the article does not explicitly link the two events, their temporal proximity suggests a potential coordinated campaign targeting German state resources. The announcement of the Sachsen-Anhalt incident provided a broader context for the attack on the Polizei Niedersachsen, indicating it may have been part of a wider pattern of disruptive activity rather than a targeted operation against a single police force. The technical response and criminal investigation in Lower Saxony proceeded with this wider context in mind. The public statement from the Ministry of the Interior served to provide transparency about the nature of the disruption, reassure the public that core police functions and data remained secure, and confirm that appropriate law enforcement resources were engaged to investigate the incident.