Cyber Incident Victim: Landkreis Reutlingen
Date:
Jun 2023
Location:
Germany
Summary
A cyberattack disrupted the Gemeinde Hülben's administrative operations, forcing a complete shutdown of IT systems and severing communication channels. External cybersecurity experts confirmed data exfiltration, with forensic analysis ongoing to determine the scope. The incident prompted collaboration with law enforcement, including the Cybercrime Contact Office and Esslingen Criminal Police, while the Baden-Württemberg Cybersecurity Agency deployed a response team. Critical municipal services outside the town hall remained operational, and emergency protocols were activated with neighboring support. No ransom demands were made, and authorities are assessing potential exposure of sensitive information with plans to notify affected individuals if necessary.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On June 14, 2023, the municipal administration of Hülben (part of the Landkreis Reutlingen administrative district in Baden-Württemberg, Germany) experienced a cybersecurity incident that severely disrupted operations. Technical problems first emerged that afternoon, rendering the administration unreachable by phone or email. Immediate countermeasures were initiated, including the shutdown of all municipal servers to prevent further spread of the attack. External IT experts from the municipality's provider Komm.ONE were engaged, and the Cybersecurity Agency of Baden-Württemberg (CSBW) deployed a Mobile Incident Response Team (MIRT) the same day to assist with forensic analysis. By June 15, cybersecurity experts confirmed the event as a deliberate cyberattack, though no ransomware demands were received. Critical infrastructure outside town hall operations—including the public works department, schools, cafeteria, and childcare facilities—remained largely unaffected, though core administrative functions dependent on networked systems became inoperable.
The incident triggered a multi-agency response involving law enforcement and technical specialists. The municipality filed a criminal complaint with Baden-Württemberg's Central Cybercrime Contact Point (ZAC), leading to investigations by Esslingen Criminal Police Directorate under the jurisdiction of Tübingen Public Prosecutor's Office. Forensic examinations confirmed data exfiltration occurred, though the scope and nature of compromised data remained under analysis as of June 26. All online appointment bookings were canceled for two weeks, with emergency services partially maintained through neighboring municipality Grabenstetten. Administrative operations faced prolonged disruption, with systems expected to remain offline until at least June 22 during infrastructure rebuilding. The State Commissioner for Data Protection and Information Security was notified, with commitments made to inform citizens if personal data exposure is confirmed. Recovery efforts focused on restoring systems with enhanced security protocols while maintaining limited emergency communications via temporary phone and email channels.