Cyber Incident Victim: Murnau
Date: May 2022
Location: Germany
Summary
Unauthorized casino advertisements appeared on the municipal website of Murnau, prompting concerns of a potential cyber intrusion. A local official discovered the suspicious content and recommended suspending access to IT systems and council meetings pending investigation. The municipality confirmed no intentional placement of ads, initiated an inquiry with its external web hosting provider, and filed a criminal complaint for data espionage and system damage under relevant statutes. Internal networks and citizen-facing services remained unaffected as they operated on separate infrastructure. The incident raised questions about existing security protocols despite the municipality's stated adherence to IT security standards, including certifications and regular staff training. The breach method remained undetermined at the time of reporting.
Description
On or around May 11, 2022, unauthorized casino advertisements appeared on the official website of the Markt Murnau municipality in Bavaria, Germany. CSU parliamentary group leader Rudolf Utzschneider discovered the suspicious content during a routine visit to the site, documenting it with screenshots. The compromised section displayed incongruous text encouraging visitors to "try their luck together with the casino" alongside standard municipal information about the town council. Utzschneider immediately alerted authorities, recommending all council members refrain from accessing municipal IT systems until security could be verified and proposing the cancellation of upcoming meetings due to potential risks. Initial municipal investigations suggested the breach likely occurred during the night of May 10-11, though exact timing remained unconfirmed. Police were notified, with an official complaint filed under German criminal code sections 202 (data espionage) and 303 (computer sabotage).

Municipal spokesperson Annika Röttinger confirmed the advertisements were unauthorized, clarifying that the town neither hosts nor permits third-party advertising on its digital platforms. The municipality's external web hosting provider initiated forensic analysis while preliminary checks indicated no compromise to other systems, including internal networks, citizen information portals, or online services. Technical staff confirmed the website operated on external servers segregated from core municipal infrastructure, allowing citizen services to continue uninterrupted. Despite Utzschneider's security concerns regarding potential phishing or ransomware risks, the municipality maintained its internal systems remained secure, citing compliance with Bavaria's E-Government Act and certification from the State Office for Information Security. Investigations continued to determine the intrusion method and evaluate why existing security measures failed to prevent the content alteration.
