The German City of Potsdam has suffered a major
The intrusion into the Potsdam administration’s servers was discovered on Tuesday, and on Wednesday evening systems were disconnected from the Internet to contain the infection and prevent data exfiltration.
“The state capital Potsdam has switched off the administration’s internet connection and is therefore no longer accessible by email.” reads the advisory published by the City of
“We put our systems offline for security reasons, because we have to assume an illegal cyber attack,” said Mayor Mike Schubert. “We are working flat out to ensure that the affected
The IT staff noticed “numerous inconsistencies” in central access to the capital of the state. Experts noticed a system of an external provider that was attempting to retrieve data from the state capital from outside without authorization or to install malware.
The City of Potsdam hired external IT security companies and IT forensic experts to investigate the attack.
The state capital has filed criminal charges against unknown individuals and notified the incident to the regional offices responsible for IT security and data protection.
The City published an update that announced that Postdam’s administration is not able to receive emails from outside and any incoming emails won’t be forwarded either.
Citizens could contact the City by calling the Potsdam administration staff on the phone or submitting their applications in writing by post.
“After switching off the Internet connection of the state capital Potsdam, the citizen service of the state capital Potsdam is currently only of limited use.” reads the update. “The administration can currently not receive emails from outside and incoming emails are also not forwarded. For this reason, it is necessary for citizens to submit all applications in writing to the administration by post. The employees are still available by phone for questions. “
The City of Potsdam did not provide details on the attack, but German journalist Hanno Böck reported that Citrix ADC servers on the administration’s network are affected by the CVE-2019-19781 vulnerability.
Citrix started addressing CVE-2019-19781 vulnerability in Citrix Application Delivery Controller (ADC), Citrix Gateway, and Citrix SD-WAN WANOP appliances.