Cyber Incident Victim: Bundestag

On January 26, 2023, German media reported that the Bundestag’s internet services had been targeted by a significant cyberattack, described as a large-scale distributed denial-of-service (DDoS) incident. According to an internal notification sent to parliamentary members and staff, the attack aimed to impair the availability of the Bundestag’s public-facing online platforms by overwhelming its servers with a coordinated flood of simultaneous requests from multiple systems. The Bundestag’s IT security infrastructure successfully mitigated the attack, preventing any disruption to website accessibility or parliamentary operations. No data breaches, system compromises, or unauthorized access were reported as part of the incident. The Bundestag’s press office declined to provide official confirmation or details, citing a standing policy against commenting on IT security matters.

Initial technical assessments characterized the attack as purely volumetric, with no evidence of data exfiltration or exploitation of vulnerabilities beyond the DDoS attempt. While the perpetrators remained unidentified, the internal communication noted that the pro-Russian hacker group Killnet had publicly threatened cyber operations against German institutions days prior, though no direct attribution was established. The Bundestag’s IT subdivision did not disclose mitigation specifics, attack traffic volume, or duration, nor did it confirm whether external cybersecurity agencies were involved in the response. No collateral impacts on connected government systems or public services were reported. The incident marked at least the second major cyberattack against the Bundestag’s digital infrastructure since a 2015 breach attributed to Russian state-sponsored actors.