Cyber Incident Victim: Westsächsische Hochschule Zwickau
Date:
Dec 2022
Location:
Germany
Summary
A cyberattack targeted the IT infrastructure of the Westsächsische Hochschule Zwickau, specifically impacting its Center for Communication Technology and Information Processing (ZKI), which manages the institution's secure network operations, data backbone, and external connectivity across multiple campuses. The incident disrupted critical services including campus networks, internet access, and communication systems, necessitating operational adjustments and alternative contact methods for users. Response efforts focused on restoring functionality while maintaining essential academic and administrative activities during the disruption.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 0 motives | 0 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On December 23, 2022, the Westsächsische Hochschule Zwickau (WHZ) experienced a significant cyber incident targeting its Center for Communication Technology and Information Processing (ZKI), which manages the university's core IT infrastructure. The attack disrupted critical network services across all campuses, including Zwickau, Schneeberg, Markneukirchen, and Reichenbach, which rely on ZKI’s backbone network and high-performance external connections. Immediate containment measures required the shutdown of affected systems to prevent lateral movement, resulting in widespread outages of email services, internet access, and internal network resources. University staff activated emergency protocols, suspending normal operations and redirecting user inquiries through alternative communication channels while forensic investigations commenced. The ZKI team collaborated with external cybersecurity experts and law enforcement to analyze the attack vector and assess data compromise risks, though the specific threat actor and intrusion method remained unconfirmed in initial stages.
The incident severely impacted academic and administrative functions during a critical period near the winter semester’s conclusion, forcing cancellations of online exams, delays in research projects, and suspension of digital enrollment processes. Manual workarounds were implemented for essential services, with faculty and students instructed to use temporary communication platforms due to prolonged email system unavailability. Physical service desks at Kornmarkt 1 and Scheffelstraße campuses maintained limited operations under heightened security protocols, prioritizing urgent IT support requests. Recovery efforts focused on restoring systems from isolated backups after ensuring their integrity, with gradual reactivation of network segments following security hardening. Full restoration of services extended beyond the initial outage window, requiring continuous coordination between ZKI’s leadership, external incident response teams, and regional cybersecurity authorities to mitigate residual risks. The university maintained transparency through intermittent status updates via secondary channels while refraining from public attribution of the attack pending conclusive forensic evidence.