Cyber Incident Victim: Stadt Dülmen
Date:
Feb 2024
Location:
Germany
Summary
Stadt Dülmen fell victim to a complex cyber fraud during the procurement of two fire trucks, where manipulated emails led to the erroneous transfer of over 400,000 euros to criminal accounts. Despite adhering to internal multi-person verification protocols, the scheme succeeded, with funds traced to Romanian suspects involved in a money laundering network. The city mitigated losses through a negotiated settlement with the legitimate vendor, sharing the financial impact. In response, security measures were significantly enhanced, including staff retraining and improved procedures for validating changes to banking details, following the incident that underscored the sophisticated and deceptive tactics employed.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
The Stadt Dülmen became the victim of a sophisticated cyber fraud attack in late February 2024 during the procurement of two new fire service vehicles. According to police statements, the incident involved organized criminals who intercepted and manipulated email communications related to the legitimate purchase. This manipulation created a scenario where the city's administration was deceived into transferring a sum of 404,600 euros to an account controlled by the perpetrators, believing it to be the correct payment for the vehicles. The attack was notably complex, with fraudsters altering details on both the buyer's (the city's) and the seller's sides of the transaction, a method described as "perfide und komplex." The financial transfer occurred specifically on February 29, 2024, marking the culmination of the criminal scheme that diverted funds intended for public safety equipment.
The fraud remained undetected at the moment of transfer, with the city's established internal control procedures, including a mandatory multi-person verification process for large payments (in this case involving three separate individuals), being formally followed yet ultimately circumvented by the attackers' tactics. The incident only came to broader public attention when the Kreispolizeibehörde presented its annual crime statistics in late February 2024, revealing that the criminal investigation had been ongoing for over a year. Police identified two 35-year-old Romanian nationals as suspects in the case, with the illicit funds traced through a network of Romanian money launderers. The Stadt Dülmen confirmed it had immediately briefed the leadership of all political factions upon discovery but maintained silence publicly due to the active investigation and to protect involved staff members. An internal review by the city concluded that despite adherence to protocols, the extreme sophistication of the attack rendered existing safeguards insufficient. In response, the city significantly expanded its IT security standards, implemented enhanced procedures for verifying changed bank details, and conducted comprehensive re-training for all employees on cyber fraud risks. Furthermore, the city engaged in negotiations with the legitimate vehicle vendor, resulting in a settlement where the financial loss was shared, thereby mitigating the total damage below the initially transferred amount. Bürgermeister Carsten Hövekamp publicly stated that the level of criminal ingenuity was shocking and that no organization could guarantee absolute immunity against such a treacherous method, placing continued reliance on the ongoing police investigation to address the matter fully.