Cyber Incident Victim: Erfurt

On the morning of Tuesday, July 29, 2025, starting at approximately 8:30 AM, the official website of the city of Erfurt, erfurt.de, became unreachable due to a deliberate cyberattack. The attack was identified as a Distributed Denial-of-Service (DDoS) incident, specifically designed to overwhelm the website's capacity. Attackers flooded the site with an extremely high volume of traffic, peaking at around 4.5 million access attempts per hour. This massive influx of malicious requests caused the website to crash, rendering it inaccessible to legitimate users for several hours. The primary impact was the complete unavailability of the city's primary online portal, disrupting public access to information and services hosted on erfurt.de.

The City of Erfurt's Office for Information Technology responded promptly to the incident. They initiated measures aimed at limiting the attack's effects and restoring service. Due to these response actions, the erfurt.de website was successfully brought back to normal operation around 1:00 PM on the same day. The city administration stated that, thanks to pre-existing security precautions, there was no danger to sensitive data resulting from this attack. Investigations revealed that the assault on Erfurt was not isolated but part of a larger coordinated wave of attacks targeting multiple municipalities and administrative bodies across Germany, including Magdeburg, Halberstadt, and the Burgenlandkreis district. Authorities immediately notified the State Criminal Police Office (Landeskriminalamt - LKA) and the Thuringia State Computing Center (Thüringer Landesrechenzentrum). The Central Contact Point for Cybercrime (Zentrale Ansprechstelle Cybercrime) within the LKA has taken charge of the criminal investigation into the incident.