
It is not yet entirely clear whether HIVE is behind the cyber attack on the Potsdam administration. A statement from the administration mentions HIVE and says that, even after the APT group has been broken up, the systems remain switched off.
The misery does not end for the city administration of Potsdam. Although the IT experts restarted the attacked and subsequently repaired systems in January, they shut everything down again on January 24th. After an expanded virus scanner was activated, it registered a large number of automated communication attempts from the internal network of the state capital Potsdam to external servers. Since this could be interpreted as an indication of malware, the Brandenburg State Criminal Police Office was informed immediately, and at the same time the servers in the state capital were again disconnected from the Brandenburg state administration network.
Potsdam remains offline
Citizens who currently visit the Potsdam.de site immediately see the message "Restricted service after notification of an IT attack: The Internet connection of the city of Potsdam is offline for security reasons. The employees are currently not available via email. The citizen service offers are also limited." Only the telephones and the often ridiculed fax machines work. If you try to send an e-mail, you will get it back many hours later with the message that the server cannot be reached.
The Ministry of the Interior and Municipal Affairs of the State of Brandenburg (MiK), the LKA Brandenburg, the Brandenburg IT service provider ZIT-IT and the state capital Potsdam have published a current assessment of the IT situation in the state capital Potsdam.
Hoping that HIVE is behind it
According to the experts, the danger for the state capital is still considered high. It cannot yet be ruled out that there is still a real threat to Potsdam even after HIVE has been broken up. The anomaly of January 24, 2023, which led to the systems being shut down again, could be explained by the improvement and greater sensitivity of the protective measures in the state capital. The administration also states that no data leaks or compromises have been detected so far.
The city wants to have the systems tested and secured by experts. Only then should the systems be started up again. Reading between the lines of the statements, the city is hoping that HIVE was the attacker and that the tools or exploits that were introduced were thus deactivated by the destruction of HIVE.
More at Potsdam.de