Cyber Incident Victim: City of Frankfurt
Date:
Oct 2023
Location:
Germany
Summary
A distributed denial-of-service (DDoS) attack targeted the City of Frankfurt's website, causing several hours of downtime through coordinated mass requests that overloaded servers, with similar simultaneous attacks affecting multiple other German municipalities including Dresden and NĂĽrnberg. Separately, the city's university hospital experienced an unrelated attempted cyberattack the prior week, prompting precautionary internet disconnection without data compromise or ransom demands, amid a broader trend of hospitals facing such threats.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 3 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On October 12, 2023, the City of Frankfurt am Main experienced a distributed denial-of-service (DDoS) attack that disrupted its official website for several hours. A city spokesperson confirmed on October 13 that the website became the target of a coordinated hacker attack the previous day, specifically identifying the incident as a DDoS attack designed to overwhelm servers through massive automated requests. The attack occurred on Thursday, though the exact start and end times weren't specified in municipal statements. Frankfurt's website disruption formed part of a broader pattern affecting numerous German municipalities that same day, with confirmed impacts on the websites of Dresden and Nuremberg. The technical nature of the attack involved multiple distributed systems coordinating to flood targets with traffic, a characteristic method for causing service interruptions without breaching internal IT systems. No evidence suggested data exfiltration or system infiltration occurred during this incident. The city's announcement emphasized the operational disruption rather than any compromise of sensitive information or municipal services beyond website accessibility.
The Frankfurt website attack coincided with ongoing cybersecurity concerns in the region, as the city's Universitätsklinikum (University Hospital) had disconnected from the internet one week earlier following an attempted cyberattack. By October 13, the hospital's precautionary internet disconnection remained in effect, though officials confirmed no data encryption, exfiltration, or ransom demands had occurred during that separate incident. Municipal authorities did not disclose technical countermeasures taken during the DDoS attack or specify restoration timelines beyond confirming multi-hour disruption. The spokesperson's statement contextualized the attack within recurring cyber threats against public infrastructure, noting hospitals' frequent targeting without directly linking the two Frankfurt incidents. No attribution claims or threat actor details were provided by Frankfurt officials regarding either event. Service restoration for the city website concluded the immediate incident response cycle documented in available reports.