The German City of Potsdam was affected by a major cyberattack which took down its servers. However, the emergency services which includes the city’s fire department is fully operational and payments were not affected.
Potsdam which is the capital and largest city of the German federal state of Brandenburg directly borders with Berlin, and is part of the Berlin/Brandenburg Metropolitan Region.
The intrusion into the Potsdam administration’s servers was discovered on Tuesday, and the systems were disconnected from the Internet on Wednesday to contain the infection and prevent data exfiltration.
According to the advisory published by the City of Potsdam, “The state capital Potsdam has switched off the administration’s internet connection and is therefore no longer accessible by email.”
Mayor Mike Schubert stated that they had to put their systems offline for security reasons, as it is a cyber-attack. They are working to ensure that the affected administration systems are switched on again as soon as possible and that they can work safely again. He asked the citizens to have patience in all matters relating to their service facilities.
The IT staff found several inconsistencies in central access to the capital of the state. Experts noticed a system of an external provider that was attempting to retrieve data from the state capital from outside without authorization or to install malware.
The City of Potsdam hired external IT security companies and IT forensic experts to investigate the attack.
The state capital has filed criminal charges against unknown individuals and notified the incident to the regional offices responsible for IT security and data protection.
The City published that Postdam’s administration is not able to receive emails from outside and any incoming emails won’t be forwarded either.
So, the citizens are requested to contact the City by calling the Potsdam administration staff on the phone or submitting their applications in writing by post. The employees are still available by phone for questions.
Any further details regarding the attack was provided by the city. But German journalist Hanno Böck reported that Citrix ADC servers on the administration’s network are affected by the CVE-2019-19781 vulnerability.
Citrix started addressing CVE-2019-19781 vulnerability in Citrix Application Delivery Controller (ADC), Citrix Gateway, and Citrix SD-WAN WANOP appliances.