Cyber Incident Victim: Stadt Mössingen

Date: Nov 2023

Location: Germany

Summary

A cyber attack targeted the municipal administration, leading to a complete shutdown of its IT infrastructure and severely disrupting operations. Malware infiltration prompted collaboration between internal teams, law enforcement agencies, and external cybersecurity experts to investigate and rebuild systems from the ground up. Critical citizen services like registry office functions, ID processing, and financial transactions were prioritized through temporary workarounds, though most administrative programs remained inoperable. Email systems were largely offline, while phone communications and limited web services functioned. Public facilities including the main library faced partial closures or reduced capabilities, with full restoration expected to take significant time due to the need for comprehensive infrastructure reconstruction.

Description

On November 17, 2023, the Stadtverwaltung Mössingen discovered a cyberattack targeting its IT infrastructure, prompting an immediate full shutdown of all systems to contain the threat. Forensic analysis confirmed the infiltration of malware into municipal networks, though the specific attack vector and perpetrator details remained undisclosed for investigative reasons. The city activated its crisis management team that same day, coordinating with the Reutlingen Police Headquarters, Baden-Württemberg State Criminal Police Office (LKA), and the Baden-Württemberg Cybersecurity Agency. External partners including municipal IT provider Komm.ONE and the city’s dedicated IT service provider joined remediation efforts. By November 20, the attack had forced the closure of city hall, municipal utilities (Stadtwerke), and local district administration offices to the public, though telephone communications remained operational while email systems became largely inaccessible. Critical citizen services including civil registry functions (birth/death/marriage registrations), passport issuance, and financial transactions faced severe disruptions.

Response teams prioritized restoring essential services through manual workarounds and temporary solutions while building an entirely new IT infrastructure from scratch, as decades-old digital systems required complete reconstruction. The crisis unit met daily to coordinate operational continuity, public communications via www.moessingen.de/Cyberangriff and social media, and collaborative investigations with law enforcement. Partial functionality was restored for specific departments: the [email protected] email address resumed limited operations, staff remained reachable by phone except for the LEG building tourism office, and physical municipal facilities reopened with restricted services. Library operations resumed for returns and in-house activities but suspended lending and internet access, while museums operated normally except for non-functional [email protected] communications. Ongoing challenges included dysfunctional administrative software, unreliable email systems beyond core addresses, and tourism office telephone outages. The municipality collaborated with neighboring communities to streamline emergency administrative processes during the prolonged recovery period, which required rebuilding all digital infrastructure with no definitive restoration timeline.
