Is HIVE behind the attack on the Potsdam administration?

B2B Cyber ​​Security ShortNews

Share post

It is not yet entirely clear whether HIVE is behind the cyber attack on the Potsdam administration. A message from the administration speaks of HIVE and that even after the APT group has been broken up, the systems are still being switched off.

The misery does not end for the city administration of Potsdam. Although the IT experts restarted the attacked and then repaired systems in January, they shut everything down again on January 24th. After an expanded virus scanner was activated, there were a large number of automated communication attempts from the internal network of the state capital Potsdam to external servers. Since this could be interpreted as an indication of malware, the Brandenburg State Criminal Police Office was informed immediately and at the same time the servers in the state capital were again disconnected from the Brandenburg state administration network.


Potsdam remains offline

Citizens who are currently surfing the site will immediately receive the message "Restricted service after notification of an IT attack: The Internet connection of the city of Potsdam is offline for security reasons. The employees are currently not available via email. The citizen service offers are also limited.” Only the telephones and the often ridiculed faxes work. If you try to send an e-mail, you will get it back many hours later with the message that the server cannot be reached.

The Ministry of the Interior and Municipal Affairs of the State of Brandenburg (MiK), the LKA Brandenburg, the Brandenburg IT service provider ZIT-IT and the state capital Potsdam published a current assessment of the situation for the IT of the state capital Potsdam.

Hope HIVE is behind it

According to the experts, the danger for the state capital is still considered high. It cannot yet be ruled out that there is still a real threat to Potsdam even after HIVE has been broken up. The anomaly of January 24, 2023, which led to the systems being shut down again, could be explained by the improvement and greater sensitivity of the protective measures in the state capital. The administration also states that no data leaks or compromises have been detected so far.

The city wants to have the systems tested and secured by experts. Only then should the systems be started up again. If you read the messages, you can read through the lines that you are hoping that HIVE was the attacker and that the tools or exploits that were introduced were thus deactivated by the destruction of HIVE.

More at


Matching articles on the topic

SAP patches close serious security gaps

On its patch day, SAP published a list of 19 new security gaps and related updates. This is also necessary, because ➡ Read more

Lazarus: New backdoor against targets in Europe 

The APT group Lazarus, known for many attacks, is also using a new backdoor malware against targets in Europe. The purposes ➡ Read more

Critical vulnerabilities in Lexmark printers

The manufacturer of corporate printers Lexmark has once again warned its users of critical vulnerabilities. In dozens of his models are in the ➡ Read more

ALPHV claims to have hacked camera manufacturer Ring

In addition to many private users, the provider Ring also supplies small companies with cameras, surveillance systems and video doorbells. Now you can find it ➡ Read more

BSI warns: exploitation of a vulnerability in MS Outlook

The BSI warns of a vulnerability in Outlook that is apparently already being actively exploited. The CVSS score of the vulnerability is enclosed ➡ Read more

Backdoor: Chinese hacker group attacks Europe

The Chinese hacker group Mustang Panda is stepping up its attacks on targets in Europe, Australia and Taiwan. Researchers from the IT security manufacturer ESET covered ➡ Read more

Improved security solution for Mac computers

The IT security manufacturer ESET has presented its latest version of ESET Cyber ​​Security for macOS. The security solution for Mac computers has numerous ➡ Read more

AV-TEST gives 27 awards to the best security products

The Magdeburg institute AV-TEST gives 27 awards to 14 companies in the security industry for particularly good products for private users ➡ Read more