Date: Jan 2023

Location: Germany

Summary

Unknown attackers targeted servers at seven schools, deploying malware and encrypting system data. The city's IT office initiated an investigation with external cybersecurity experts, disconnecting all potentially affected school servers as a precaution, with plans to restore them after verification. Vocational schools remained unaffected due to differing systems. The incident caused significant disruptions to educational and administrative operations, prompting a criminal complaint and notification of the state data protection authority.

Description

On or around January 28-29, 2023, unidentified threat actors conducted a cyberattack targeting servers belonging to seven schools in Karlsruhe, Baden-Württemberg, Germany. The attackers gained unauthorized access to the schools' IT infrastructure, deploying malicious software (Schadsoftware) and encrypting system data. The affected institutions included the Adam-Remmele-Schule, Hardtschule, Schule am Turmberg, Grundschule Wolfartsweier, Markgrafen-Gymnasium, Realschule Neureut, and Erich-Kästner-Schule. The intrusion was detected following the incident, prompting immediate action by Karlsruhe's Office for Information Technology and Digitalization (Amt für Informationstechnologie und Digitalisierung). Vocational schools in Karlsruhe remained unaffected due to their use of separate IT systems unrelated to the compromised infrastructure.

The city's IT office initiated forensic investigations with support from external cybersecurity experts and implemented containment measures by disconnecting all potentially impacted school servers from the network. This preventative isolation aimed to limit further damage while systems underwent security reviews. Operational disruptions occurred across pedagogical activities and administrative functions at the targeted schools during the outage and investigation period. Karlsruhe authorities filed a criminal complaint against unknown perpetrators and formally notified the State Data Protection Commissioner (Landesdatenschutzbeauftragten) of the breach. No data theft or additional attacker objectives were disclosed in initial reports. Restoration efforts involved methodical server reactivations only after completing security validations and clearance procedures.
