Cyber Incident Victim: Munich
Date:
Feb 2025
Location:
Germany
Summary
A recent distributed denial-of-service (DDoS) attack targeted the Bavarian state government's online presence, temporarily rendering several official websites inaccessible. The incident affected the state chancellery, the ministry for digital affairs, the Bavarian police portal, and for approximately one day the Munich district office and the city of Garching. According to the state office for information technology security, the attack is suspected to be linked to pro-Russian hacktivism, though investigators have not confirmed any connection to the Munich Security Conference. No data was compromised, no information was exfiltrated or encrypted, and no physical damage occurred. The state criminal police office is conducting an ongoing investigation, and after completing its analysis, the case will be forwarded to law enforcement for potential prosecution.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On a Thursday in mid-February 2025, the digital infrastructure of the Bavarian state government in Munich came under attack. The websites of the state chancellery, the Staatskanzlei, and the state ministry for digital affairs, the Staatsministerium für Digitales, were targeted and became temporarily inaccessible. The responsible authority, the Bavarian State Office for Security in Information Technology (LfSI), quickly identified the method as a Distributed Denial-of-Service (DDoS) attack, which overwhelms a service with traffic to disrupt its availability. According to the LfSI's assessment communicated to the German Press Agency (dpa) on the following Sunday evening, the attack was with high probability linked to "pro-Russian hacktivism." Despite the disruption to public-facing websites, a critical finding was that no actual damage occurred; no data was stolen, leaked, or encrypted, and no systems were compromised beyond the service interruption. The attack's impact extended beyond the primary state targets, as irregularities were also confirmed on the internet presence of the Bavarian Police. Furthermore, the websites of the Munich District Office (Landratsamt München) and the town of Garching were also offline for approximately one day, indicating a broader scope of disruption across regional public administration portals in the Munich area.
Following the incident, the investigation was immediately taken up by the Bavarian State Criminal Police Office (LKA). The LKA confirmed the details of the attack to the Bayerischer Rundfunk (BR) public broadcaster but stated it could not yet assess whether the timing was connected to the ongoing Munich Security Conference, a major international event. The LfSI completed its initial technical analysis of the attack vector and, as is standard procedure, announced that the case file would be formally transferred to the police for criminal prosecution. Throughout the response, authorities emphasized that while the attack caused a temporary denial of service for several key government and municipal websites, the core security of the systems held; the primary consequence was the brief unavailability of public information and service portals, with no evidence of data exfiltration or deeper system infiltration reported.