Cyber Incident Victim: Digipolis
Date:
Dec 2022
Location:
Belgium
Summary
A cyberattack targeted the city administration of Antwerp, severely disrupting digital networks and forcing the cancellation of all citizen appointments at municipal counters. The incident impacted numerous services including police, fire departments, schools, hospitals, care facilities, museums, and archives, with some systems partially functional while others remained inoperable. The city's website experienced temporary outages, and service interruptions were expected to persist for at least a week. Authorities initiated a criminal investigation to identify those responsible for the attack.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 7 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On the night leading into Tuesday, December 6, 2022, a cyberattack targeted the digital networks of the City of Antwerp’s administration and municipal offices. The attack caused significant disruptions to the city’s digital infrastructure, with impacts persisting through Tuesday afternoon. All scheduled citizen appointments at municipal service counters were canceled as a result, requiring affected individuals to reschedule. The city’s website experienced intermittent outages, rendering it temporarily inaccessible. Initial plans to reopen service counters by noon on Tuesday were abandoned due to unresolved technical issues.
The attack affected numerous municipal services, including police and fire departments, schools, kindergartens, hospitals, care facilities, museums, and archives. While computer systems in schools and kindergartens became unusable, the disruption did not uniformly paralyze all departments—some retained limited digital functionality. Authorities confirmed the consequences of the attack would persist for at least one week following its discovery. The Antwerp Public Prosecutor’s Office initiated an investigation, tasking the Computer Crime Unit with identifying those responsible. Prosecution spokesperson Kristof Aerts characterized the incident as involving "serious facts," justifying expedited investigative measures. No attribution, ransom demands, or technical details regarding the attack’s origin were disclosed publicly. Restoration timelines remained uncertain as operational disruptions continued across civic services.