Cyber Incident Victim: Stadt Dortmund
Date: Oct 2023
Location: Germany
Summary
The City of Dortmund experienced a cyberattack causing its official website to become unreachable due to overwhelming traffic from botnets generating tens of thousands of requests per second, overloading the servers. The incident, identified as a distributed denial-of-service (DDoS) attack involving constantly shifting IP addresses, aimed to disrupt services by flooding systems with malicious traffic. Municipal data and internal IT infrastructure remained unaffected. Similar attacks targeted multiple German cities, including Cologne, where initial countermeasures partially restored website accessibility. External experts and hosting providers collaborated on mitigation efforts, though the attacks on both cities were ongoing at the time of reporting.
Description
On October 12, 2023, the City of Dortmund experienced a cyberattack that rendered its official homepage (dortmund.de) inaccessible starting around 8:30 AM local time. The disruption stemmed from a distributed denial-of-service (DDoS) attack characterized by tens of thousands of malicious requests per second directed at the city’s web servers. Attackers utilized botnets—networks of compromised devices—to generate traffic from constantly shifting IP addresses, deliberately overwhelming server capacity to induce system failure. Municipal authorities confirmed the attack remained active by evening but clarified that no internal administrative IT systems or sensitive city data were compromised. Dortmund’s hosting provider collaborated with external cybersecurity experts to implement countermeasures, though full mitigation had not been achieved by the time of reporting. The incident coincided with similar attacks on multiple German cities, including Cologne, Nuremberg, Dresden, and Hanover, all experiencing comparable server overloads through coordinated botnet-driven requests.

Cologne’s municipal servers simultaneously faced an identical DDoS campaign, described by officials as a deliberate attempt to paralyze web services through artificially inflated traffic volumes. Unlike Dortmund, Cologne’s initial mitigation efforts partially restored homepage accessibility despite the ongoing attack. Both cities emphasized the operational distinction between public-facing web servers and core administrative networks, with no evidence of data breaches or infiltration beyond the targeted service disruptions. Technical responses focused on traffic filtering and infrastructure hardening to withstand the sustained barrage of requests. The attacks exemplified a broader pattern of geographically dispersed DDoS incidents against municipal digital assets, though attribution and specific motives remained unconfirmed in public statements. Dortmund and Cologne maintained contingency measures to isolate affected systems while prioritizing the restoration of citizen-facing services amid persistent malicious activity.
