Is HIVE behind the attack on the Potsdam administration?

B2B Cyber Security ShortNews


It is not yet entirely clear whether HIVE is behind the cyber attack on the Potsdam administration. A statement from the administration mentions HIVE and says that, even after the APT group has been broken up, the systems remain switched off.

The misery does not end for the city administration of Potsdam. Although the IT experts restarted the attacked and subsequently repaired systems in January, they shut everything down again on January 24th. After an expanded virus scanner was activated, a large number of automated communication attempts from the internal network of the state capital Potsdam to external servers were observed. Since this could be interpreted as an indication of malware, the Brandenburg State Criminal Police Office was informed immediately and, at the same time, the servers in the state capital were again disconnected from the Brandenburg state administration network.

Potsdam remains offline

Citizens who currently visit the Potsdam.de site immediately see the message "Restricted service after notification of an IT attack: The Internet connection of the city of Potsdam is offline for security reasons. The employees are currently not available via email. The citizen service offers are also limited." Only the telephones and the often ridiculed faxes work. If you try to send an e-mail, it comes back many hours later with the message that the server cannot be reached.

The Ministry of the Interior and Municipal Affairs of the State of Brandenburg (MiK), the LKA Brandenburg, the Brandenburg IT service provider ZIT-IT and the state capital Potsdam published a current assessment of the situation for the IT of the state capital Potsdam.

Hope HIVE is behind it

According to the experts, the danger for the state capital is still considered high. It cannot yet be ruled out that there is still a real threat to Potsdam even after HIVE has been broken up. The anomaly of January 24, 2023, which led to the systems being shut down again, could be explained by the improvement and greater sensitivity of the protective measures in the state capital. The administration also states that no data leaks or compromises have been detected so far.

The city wants to have the systems tested and secured by experts. Only then should the systems be started up again. Reading between the lines of the statements, the hope is that HIVE was the attacker and that the tools or exploits that were introduced were thus deactivated by the destruction of HIVE.

More at Potsdam.de

 
