Pierluigi Paganini January 26, 2020

The City of Potsdam suffered a major cyberattack that took down its servers earlier this week, but emergency services were not impacted.

The German City of Potsdam has suffered a major cyberattack that took down its servers earlier this week, the good news is that emergency services, including the city’s fire department fully operational and payments were not affected.

Potsdam is the capital and largest city of the German federal state of Brandenburg. It directly borders the German capital, Berlin, and is part of the Berlin/Brandenburg Metropolitan Region. 

The intrusion into the Potsdam administration’s servers was discovered on Tuesday, and on Wednesday evening systems were disconnected from the Internet to contain the infection and prevent data exfiltration.

“The state capital Potsdam has switched off the administration’s internet connection and is therefore no longer accessible by email.” reads the advisory published by the City of Potsdam.

“We put our systems offline for security reasons, because we have to assume an illegal cyber attack,” said Mayor Mike Schubert. “We are working flat out to ensure that the affected administration systems are switched on again as soon as possible and that we can work safely again. In the meantime, we ask for your patience in all matters relating to the citizen service facilities, ” “We put our systems offline for security reasons, because we have to assume an illegal cyberattack,”

The IT staff noticed “numerous inconsistencies” in central access to the capital of the state. Experts noticed a system of an external provider that was attempting to retrieve data from the state capital from outside without authorization or to install malware. 

The City of Potsdam hired external IT security companies and IT forensic experts to investigate the attack.

The state capital has filed criminal charges against unknown individuals and notified the incident to the regional offices responsible for IT security and data protection.

The City published an update that announced that Postdam’s administration is not able to receive emails from outside and any incoming emails won’t be forwarded either.

Citizens could contact the City by calling the Potsdam administration staff on the phone or submitting their applications in writing by post.

“After switching off the Internet connection of the state capital Potsdam, the citizen service of the state capital Potsdam is currently only of limited use.” reads the update. “The administration can currently not receive emails from outside and incoming emails are also not forwarded. For this reason, it is necessary for citizens to submit all applications in writing to the administration by post. The employees are still available by phone for questions. “

The City of Potsdam did not provide details on the attack, but German journalist Hanno Böck reported that Citrix ADC servers on the administration’s network are affected by the CVE-2019-19781 vulnerability.

Citrix started addressing CVE-2019-19781 vulnerability in Citrix Application Delivery Controller (ADC), Citrix Gateway, and Citrix SD-WAN WANOP appliances.

Pierluigi Paganini

(SecurityAffairs – Potsdam, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]