Cyber Incident Victim: Hamburger Friedhöfe AöR
Date:
Dec 2022
Location:
Germany
Summary
A municipal cemetery operator and affiliated crematorium services in Hamburg experienced a disruptive cyberattack where hackers paralyzed IT systems and encrypted files, severely limiting internal email and telephone communications. Electronic cemetery gate locks malfunctioned, requiring barriers to remain open, though customer operations like funerals continued with potential delays. The organization confirmed no data theft occurred and external specialists were engaged for remediation, though full recovery was anticipated to take weeks. Law enforcement initiated an investigation into the incident.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On December 19, 2022, hackers launched an attack against Hamburger Friedhöfe AöR and Hamburger Krematorium GmbH, disrupting operations at four cemeteries (Ohlsdorf, Öjendorf, Volksdorf, Wohldorf) and cremation facilities in Ohlsdorf and Öjendorf. The attackers encrypted files and paralyzed multiple IT systems, causing immediate operational failures across affected sites. Internal communication channels including email and telephone services experienced severe limitations, hindering administrative coordination. Critical infrastructure such as electronic cemetery gate locking systems malfunctioned, requiring the Ohlsdorf vehicle barrier to remain open to prevent access issues. The attack persisted for multiple days, with initial public statements emerging on Wednesday following the Monday incident onset.
Cemetery spokesperson Lutz Rehkopf confirmed no customer data theft occurred and assured mourners that scheduled funerals would proceed despite technical disruptions. Operational impacts included delayed telephone information services and compromised administrative workflows, though frontline burial services maintained continuity. External cybersecurity specialists engaged in remediation efforts estimated resolution could require weeks due to system-wide compromises. Law enforcement initiated an investigation into the attack's origins and perpetrators while the organization maintained public-facing operations to minimize visibility of technical issues to visitors. The incident caused sustained IT infrastructure damage requiring comprehensive restoration efforts across multiple physical locations under the municipal operator's management.