Cyber Incident Victim: Government and Police of Mecklenburg-Vorpommern
Date: Apr 2023
Location: Germany
Summary
A cyberattack targeting government entities in Mecklenburg-Vorpommern disrupted access to multiple public-facing websites, including ministerial pages, the state police’s public homepage, and a service portal, due to deliberate server overload from mass requests. The state’s IT service provider and cybersecurity team identified the attack early, formed a task force, and coordinated with national authorities to block malicious actors and implement defensive measures. A Russian cyber group claimed responsibility via social media channels. While internal police systems remained operational, the online crime reporting portal was temporarily unavailable; emergency services via 110 and physical police stations were unaffected. Technical specialists continued mitigating further attack waves during the incident.
Description
On the morning of April 4, 2023, multiple websites within the Mecklenburg-Vorpommern state government's online infrastructure became unreachable, disrupting public access to critical services. The outage affected the state's central government portal, including ministerial websites, the public homepage of the Mecklenburg-Vorpommern State Police, and the MV-Serviceportal used for citizen services. All impacted systems were hosted and maintained by the state's IT service provider, the Datenverarbeitungszentrum (DVZ) M-V. The state's Computer Emergency Response Team (CERT M-V) and DVZ technical staff detected unusually high volumes of inbound traffic targeting these web services, which preliminary analysis confirmed as a coordinated attempt to overwhelm servers through massive artificial request volumes—characteristic of a distributed denial-of-service (DDoS) attack. State Digitalization Minister Christian Pegel announced the formation of an emergency task force that same morning to coordinate the response, with immediate notification made to Germany's Federal Office for Information Security (BSI). Technical teams implemented rapid countermeasures, including identifying and blocking source IP addresses associated with the malicious traffic while deploying additional protective mechanisms to mitigate further attack waves.

By midday, CERT M-V's investigation yielded preliminary attribution based on social media activity, indicating a Russian cyber group had claimed responsibility for the offensive. Despite the sustained attack against public-facing systems, authorities confirmed the police intranet—handling all internal operational processes—remained fully operational throughout the incident. The State Interior Ministry emphasized that physical police operations and emergency call handling via 110 were unaffected, though the Onlinewache (online police station) platform for digital crime reporting experienced temporary service disruption. Restoration efforts prioritized maintaining essential services while hardening defenses against subsequent attack phases. No data breach or system compromise was reported beyond the availability impact caused by the volumetric DDoS assault. Continuous coordination between DVZ engineers, CERT analysts, and federal cybersecurity authorities persisted through the incident to monitor traffic patterns and maintain service continuity for critical government functions.
