Cyber Incident Victim: Amtliche Schulverwaltung (ASV)
Date:
Feb 2025
Location:
Germany
Summary
A cyberattack disrupted the websites of the Munich district administration office and the city of Garching, rendering them inaccessible for extended periods. The incident involved distributed denial-of-service (DDoS) attacks that overwhelmed servers with excessive traffic, causing intermittent outages that persisted for hours across both platforms. Technical service providers implemented temporary redirects to restore partial functionality while working to resolve the issue, though accessibility remained inconsistent depending on users' network providers. The coordinated attacks affected multiple local government web services managed by external vendors.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 0 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On February 13, 2025, the city of Garching experienced a cyberattack targeting its municipal website starting in the early morning hours. The attack rendered www.garching.de inaccessible throughout the day until evening, with service restoration efforts continuing into nighttime operations. Technical analysis confirmed the incident as a distributed denial-of-service (DDoS) attack, where attackers overwhelmed the city's web servers with excessive traffic volumes beyond operational capacity. Municipal authorities coordinated with their external technical service provider to implement an interim solution by establishing automatic URL redirection. This temporary measure allowed users accessing the primary domain to view the city's homepage through alternative routing while forensic investigations and mitigation efforts proceeded. No data breaches or secondary compromises were reported in connection with the initial disruption.
The incident expanded on February 14 when the Munich District Administration (Landratsamt München-Land) confirmed its website www.landkreis-muenchen.de had experienced intermittent outages since February 13, with complete inaccessibility persisting through the morning of February 14. Technical staff attributed the instability to a separate cyberattack affecting the same external service provider responsible for hosting both municipal sites. Network-dependent accessibility variations suggested possible infrastructure-level targeting or filtering complications rather than uniform server failure. District officials emphasized their provider's intensive remediation efforts while acknowledging unpredictable restoration timelines. Both entities maintained offline administrative operations throughout the disruptions, with no evidence suggesting collateral damage to internal systems beyond public-facing web services. Service restoration priorities focused on stabilizing core access points before addressing residual performance irregularities.