Cyber Incident Victim: Hochschule Karlsruhe
Date:
Oct 2023
Location:
Germany
Summary
The Hochschule Karlsruhe experienced a cyberattack targeting its IT infrastructure, prompting a precautionary shutdown of all systems to mitigate risks and initiate damage analysis with external IT security experts. While the e-learning platform ILIAS has been restored, other critical systems like email servers remain under assessment, with temporary communication channels established for essential operations. Academic and administrative activities continue uninterrupted through alternative methods, supported by in-person updates and centralized functional email addresses. Authorities have been notified, but the perpetrators remain unidentified at this stage.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 3 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
In the early hours of October 2, 2023, Hochschule Karlsruhe (HKA) experienced a cyberattack targeting its IT infrastructure, with anomalies detected during morning monitoring operations. The attack occurred overnight between Sunday, October 1, and Monday, October 2, prompting immediate activation of the university's crisis team. Recognizing the pattern of recent cyberattacks against public institutions across the state, HKA proactively disconnected all IT systems from the network as a precautionary security measure. External IT security experts were engaged to conduct damage assessment while authorities were notified of the incident. Initial impacts included the complete unavailability of HKA's official website, which was replaced by an emergency information page, and the shutdown of core services including email systems via Exchange Server and the e-learning platform ILIAS. By the time of the first status update on October 2, partial restoration efforts had succeeded in returning ILIAS to operational status for all university members.
Recovery operations prioritized comprehensive system audits across all university computers and infrastructure, with no definitive timeline established for full restoration of services. The IT department focused on preparing the gradual relaunch of systems, with particular attention to restoring email functionality through Exchange Server, though completion remained pending. Academic and administrative operations continued using alternative communication methods, including physical notices at departmental offices, dedicated phone contacts, and centralized functional email addresses for critical faculty communications. Weekly in-person briefings every Wednesday at 11:45 AM in Building A's auditorium provided updates from university leadership, the computing center, and IT security teams to students and staff. The Faculty of Economics established a temporary informational website (h-ka-w.de), while continuing education programs were redirected to suedwissen.de. This incident followed a pattern of regional academic cyberattacks, including a February 2023 breach affecting eight Karlsruhe schools, though attribution for the HKA attack remained undetermined at the time of reporting.