Cyber Incident Victim: Schleswig-Holstein's Landesportal
Date:
Apr 2023
Location:
Germany
Summary
The Landesportal of Schleswig-Holstein was rendered unreachable following a widespread DDoS cyberattack. The incident caused significant disruption to the state's primary website, mirroring similar attacks that had previously targeted the official portals of Saxony-Anhalt, Mecklenburg-Vorpommern, and a federal development ministry. Technical teams from the service provider Dataport, who had resolved the issue in Saxony-Anhalt, were engaged for restoration efforts, though a precise timeline for a full return to normal operations could not be immediately provided.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On April 5, 2023, the official state portal of Schleswig-Holstein, schleswig-holstein.de, became the target of a widespread cyberattack. The website became unreachable beginning at 8:00 AM that morning, as confirmed by a spokesperson for the State Chancellery. The incident was part of a broader series of attacks affecting multiple German states and federal entities. The disruptions to the internet sites were expected to be resolved throughout the course of the day, though officials stated it was not possible to provide a concrete time for when the disturbance would end.
This event followed a similar cyberattack that had occurred the previous day, on April 4, 2023, which had temporarily crippled the official internet sites of the state portal of Saxony-Anhalt. According to the Ministry for Infrastructure and Digitales in Saxony-Anhalt, that incident was attributed to a so-called DDoS attack. This type of attack involves the targeted overload of the affected servers through a multitude of deliberately controlled requests, flooding the system with traffic to render it inaccessible to legitimate users.
Employees of Dataport, the information and communication service provider for the public administration, were involved in the response. These personnel had previously repaired the damage in Saxony-Anhalt following the attack there. Based on this successful prior engagement, the Kiel government spokesperson expressed corresponding optimism for a swift resolution in the northern state of Schleswig-Holstein. The expertise gained from addressing the nearly identical incident in another region provided a foundation for the technical response, though predicting an exact endpoint for the outage remained challenging due to the nature of the attack.
The scope of the coordinated campaign extended beyond these two states. There were also reports of hacker attacks from Mecklenburg-Vorpommern on the same Tuesday, April 4. Furthermore, the Federal Ministry for Economic Cooperation and Development (Bundesentwicklungsministerium) reported experiencing similar incidents, indicating a broader national campaign targeting governmental online presences. This pattern of simultaneous attacks on multiple, geographically dispersed government portals suggested a coordinated effort by the threat actors.
The primary impact of the attack on the Schleswig-Holstein Landesportal was a complete loss of availability for its public-facing website. The service was unavailable to all users, including citizens, businesses, and other entities seeking to access information or services provided through the official online portal. This disruption hindered the normal digital operations of the state government and impaired public access to its information and services.
The technical response was managed by specialists from Dataport, who applied their experience from resolving the recent incident in Saxony-Anhalt. Their actions focused on mitigating the DDoS attack, which likely involved identifying the sources of the malicious traffic, implementing filtering measures to block that traffic, and potentially scaling server capacity to absorb the abnormal load. The goal of these containment efforts was to restore normal service availability and ensure the stability of the portal against further attack waves.
While the immediate consequence was service unavailability, the spokesperson’s public communication managed public expectations by acknowledging the problem and providing a general timeframe for restoration, albeit without a specific deadline. The incident highlighted the vulnerability of critical public digital infrastructure to simple yet effective attack methods like DDoS, which can cause significant disruption without necessarily breaching data security. The interconnected nature of the response, relying on a shared service provider (Dataport) for multiple northern German states, allowed for a transfer of knowledge and a more efficient mitigation strategy across the affected entities.