Cyber Incident Victim: Deutsche Flugsicherung
Date: Aug 2024
Location: Germany
Summary
A cyberattack compromised the administrative IT infrastructure of Deutsche Flugsicherung, specifically targeting office communication systems without impacting flight operations. Security authorities suspect involvement by APT28, a group linked to Russian intelligence, though definitive attribution remains challenging due to the absence of clear forensic evidence typically left by such advanced threat actors. The organization implemented defensive measures to minimize consequences while maintaining normal air traffic operations.
Description
A cyberattack targeting Deutsche Flugsicherung (DFS) occurred in late July 2024, with public confirmation by the agency on August 1 following media inquiries. Attackers successfully breached the administrative IT infrastructure of DFS, specifically compromising office communication systems. The intrusion did not impact air traffic control operations, with flight operations continuing normally throughout the incident. DFS immediately initiated defensive measures upon detection, focusing on containment and minimizing operational disruptions. Security authorities were notified, though the agency did not disclose specific technical details about the intrusion vector or data accessed during the breach.

Media reports attributed the attack to APT28 (also known as Fancy Bear), a group allegedly affiliated with Russian military intelligence (GRU). This attribution remains unconfirmed by official sources, reflecting the inherent challenges of reliably identifying threat actors in cyber operations. The attack timeline indicates intrusion activities concluded within the same week as discovery, though DFS provided no specifics regarding duration of unauthorized access. Separately, security researchers had recently identified an unrelated SQL injection vulnerability in DFS systems that could enable unauthorized access to security-sensitive areas by impersonating employees. This vulnerability disclosure occurred prior to the July attack but was not explicitly linked to the incident in available reporting. DFS maintained public assurances regarding flight safety while continuing incident response activities with relevant authorities.
