Cyber Incident Victim: Landesportal Sachsen-Anhalt
Date:
Jul 2025
Location:
Germany
Summary
The state portal of Sachsen-Anhalt was hit by a distributed denial-of-service attack carried out by the pro‑Russian hacking group NoName057(16), which temporarily rendered several ministry websites inaccessible. While access was later restored, the attack slowed page loading, blocked the press‑release section, prompted activation of procedural defenses and consideration of geoblocking for the attack’s source regions, and prompted authorities to evaluate filing charges against the perpetrators.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On Thursday morning, several ministry websites inSaxony-Anhalt became temporarily unreachable after the Landesportal came under a sustained cyber attack. A spokesperson for the Digitalministerium confirmed that the attack was a distributed denial of service (DDoS) operation carried out by the prorussian hacking group NoName057(16). The flood of requests overwhelmed the server, preventing normal access to the portal and its associated sites. By later in the day the service was restored, although some pages continued to experience delays.
The attack placed particular pressure on the press releases page, which was blocked as a large portion of the traffic was directed there. Users reported that page loading times were noticeably slower across the portal. Since 2024 the state government has employed newer detection and mitigation technologies that, according to the ministry, kept the portal accessible with only minor restrictions during the incident. Dataport’s IT security center activated procedural specific defense measures and prepared to implement geoblocking for the source regions of the attack traffic. Other federal states that rely on Dataport’s services were reported to be unaffected at that time.
A DDoS attack functions by directing massive volumes of requests at a target server to exhaust its capacity and cause temporary unavailability. The ministry noted that it remained unclear whether other German states had been impacted by the same wave. Authorities indicated that they were reviewing whether to file criminal charges against the perpetrators of the attack.