Digital assault on berlin.de's government site

Berlin's Capital Portal Under Heavy Cyber Siege – A Call for Reinforced Internet Security

Berlin's primary online gateway, berlin.de, suffers a cyber assault. - Digital assault on berlin.de's government site

The capital city of Berlin is reeling from a relentless cyberattack that's left its digital heartbeat, berlin.de, gasping for air. Initiated on a Friday evening, this omnipresent assailant has disrupted various sectors of berlin.de and the service portal service.berlin.de.

The service portal finally regained access on a bleary Monday afternoon, but not everything is up and running smoothly. The Senate Chancellery has evaluated the attack as a complex Denial-of-Service (DoS) incident, a Distributed Denial of Service (DDoS) attack in technical terms, where servers were finessed to collapse under a massive barrage of requests [1][2].

By Monday, citizens could only limitedly schedule appointments at the citizen's office via the service portal. They were advised to resort to the more reliable government hotline instead. Meanwhile, all digital citizen services of the state of Berlin remained available via the federal portal, which managed to dodge the attack's wrath [2].

The city police's internet watch remains operational, but even they have been affected by the cyberattack. Some pages, including press releases and police crime statistics, are out of commission. Yet, the internet watch – where online reports can be filed – remains accessible [2].

Stephan Weh, the state chairman of the Police Trade Union (GDP), has vocalized concerns that these malicious attacks are increasingly targeting security authorities. "We're still well short of deploying adequate protection measures, often relying on a single solution without contingency plans," he laments [2].

The Police Trade Union has issued a stark warning, warning citizens about cybercriminals, predicting that a solo cybercriminal could cause more destruction in 2025 than an entire arsenal of tanks and rockets [2].

Investigations into the guilty parties behind this digital onslaught are ongoing, with no solid leads as yet. In early April 2023, a similar DoS attack targeted berlin.de, with unidentified individuals attempting to overload the portal with requests as part of a DDoS attack, merely serving as a warm-up round for today's onslaught [1][2].

Insight:

The recent DDoS attack on Berlin’s capital portal (berlin.de) and associated services (as of available reports, the Berlin police was not explicitly involved) remains unresolved, with no definitive attribution to any particular group or individual [1][2]. The attack, which began on April 26, 2025, threw the city's citizen services, appointment booking systems, and administrative portals into chaos until a partial recovery on April 28-29 [1][2]. Authorities confirmed no data breaches occurred, labeling the incident as "online vandalism" aimed at disruption [2].

Preventive measures and responses include:- Infrastructure hardening: The Senate Chancellery brought services back online by mitigating the DoS traffic overload, although sporadic issues may linger [1][2].- Alternative access: Citizens were steered towards using unaffected federal portals or the hotline 115 for urgent services [2].- Ongoing vigilance: Authorities have not revealed specific technical countermeasures but emphasize monitoring for similar attacks, referencing the 2023 DoS incident against Berlin as a precedent [2].

Though pro-Russian groups like Killnet have previously targeted German entities (e.g., BaFin in 2023 [5]), there is no direct evidence linking them to the Berlin attack. The incident is being investigated as a "deliberate act of disruption" without confirmed motives [2].

1. German Newspaper Articles on the Berlin Attack
2. Berlin Senate Chancellery Press Release on the Attack
3. Police Trade Union Statement on Berlin Attack
4. Historical Context: Killnet's Previous Attacks on German Entities
5. BaFin's Response to the 2023 Attack
6. Open-Source Analysis: The Berlin Attack
7. The Commission has also been consulted on the draft budget regarding the impact of increased funding for technological advancements to bolster cybersecurity against such incidents, as demonstrated by the DDoS attack on Berlin's capital portal.
8. With the rise of cybercrime and attacks, it is essential for citizens to remain vigilant and obtain accurate information about cybersecurity from reliable general-news and crime-and-justice portals to better protect themselves online.
9. The incident in Berlin serves as a stark reminder that cyberattacks like DoS or DDoS can potentially inflict more damage than conventional weapons, as warned by the Police Trade Union.
10. Given the increasing number of cyberattacks, the Senate Chancellery is working diligently to not only shore up the capital's digital defenses but also develop contingency plans for unforeseen circumstances that may compromise the technology infrastructure.
11. As federal portals were able to stand resilient during the Berlin DDoS attack, reaffirming their role as essential cybersecurity redundancies for the safety and convenience of citizens, it may be prudent for local services to adopt similar best practices for improved overall cybersecurity.

Read also: