Menu
Browse

Cyber Incident Victim: Circ IT

Date:

Jun 2023

Location:

Germany

Summary

A cyber attack on the IT service provider Circ IT disrupted the online platforms of a German media group, affecting the websites of its newspapers including rp-online.de, the Saarbrücker Zeitung, the Aachener Zeitung and Nachrichten, the Generalanzeiger Bonn, the Trierischer Volksfreund and the Wuppertaler Rundschau. The attack caused the sites to be unavailable or only partially accessible, while ePaper editions remained available and no user data was reported compromised. The media group has engaged external security experts and is working to restore normal operations.

CIA Posture Motives Tactics, Techniques & Procedures
Available to members 1 motive 1 technique
Threat Actors Type Location
0 actors Available to members Available to members

Description

On the evening of Friday, June 16, 2023, a cyber attack targeted the internal IT service provider Circ IT of the Rheinische Post Mediengruppe. The attack caused technical problems at Circ IT, which in turn affected the availability of the group's news websites. According to Tagesschau, the incident began in the early Friday evening and led to widespread disruption. Insider information indicated that attackers had breached Circ IT and used a supply‑chain approach to compromise the websites.

Cyber Incident Image

As a result, the online portals of Rheinische Post (rp-online.de), Saarbrücker Zeitung (including Pfälzischer Merkur), Aachener Zeitung/Aachener Nachrichten, Generalanzeiger Bonn, Trierischer Volksfreund and Wuppertaler Rundschau were either offline or only minimally accessible. Visitors to the sites saw only a brief notice about a general disturbance, while ePaper editions of the newspapers remained reachable in many cases. In some instances, the operators attempted to provide a reduced news overview on a sub‑page to maintain limited service.

Circ IT reported that it was working to resolve the disturbances, and the Mediengruppe stated that, aside from lost revenue, no further damage had occurred. A spokesperson confirmed that, to the current state of knowledge, no user data had been accessed. The Mediengruppe engaged external IT‑security specialists to assist with the investigation and to restore secure operations.

Sources
Sources available to members
1 source