Cyber Incident Victim: Posteo
Date: May 2022
Location: Germany
Summary
Posteo, an email service provider, experienced significant distributed denial-of-service (DDoS) attacks causing network disruptions, delays, and intermittent service accessibility. The company implemented technical countermeasures to mitigate the attacks, which differed from prior incidents by lacking accompanying ransom demands. Users were advised to monitor service status via official channels and refrain from submitting support inquiries during brief outages to prevent further strain on systems. The attackers aimed to overwhelm infrastructure through coordinated traffic floods, though incoming emails were retained for delivery once servers stabilized. Posteo later recommended alternative network access methods—such as switching to mobile data or temporarily disabling Wi-Fi—to bypass connection issues affecting specific networks, alongside suggesting desktop email clients for improved reliability during ongoing instability.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On May 17, 2022, Posteo, a German email service provider, began experiencing distributed denial-of-service (DDoS) attacks described as being of "larger scale." These attacks caused network disruptions, delays in service, and intermittent accessibility issues for users. Posteo confirmed the outages stemmed from malicious activity rather than technical failures within their infrastructure. The company implemented unspecified technical measures to counteract the attacks, though the disruptions persisted beyond the initial incident day. Unlike previous DDoS incidents targeting Posteo, the attackers did not accompany these actions with ransom demands, distinguishing this campaign from prior extortion attempts.

Posteo advised customers to monitor service status updates via its Twitter account (@Posteo_de) or official status page, explicitly requesting users refrain from submitting support tickets during brief connectivity interruptions to prevent further straining resources. The company emphasized that inbound emails were queued for delivery once servers stabilized, assuring no data loss occurred. By May 18, Posteo had notified Germany’s Federal Office for Information Security (BSI) and updated customer guidance due to ongoing sporadic connectivity issues affecting specific networks. Recommendations included temporarily switching to alternative networks—such as mobile data—or disabling WiFi to bypass affected routes. For Windows users, accessing email through desktop clients like Thunderbird or Outlook was suggested as a workaround during periods of webmail instability. The attacks aimed to degrade service availability by overwhelming infrastructure with traffic, aligning with typical DDoS objectives of disrupting operational continuity without directly compromising data integrity.
