Deutsche Bahn’s IT Systems Under DDoS Attack
Germany’s national rail operator, Deutsche Bahn, recently faced a significant distributed denial-of-service (DDoS) attack, disrupting various IT services. The company’s regular updates revealed that the attack commenced on February 17 and persisted into February 18, causing widespread issues.
Impact on Deutsche Bahn’s Operations
The large-scale cyber assault affected Deutsche Bahn’s information and ticketing systems, including its websites and the DB Navigator app. The attack occurred in waves, indicating a strategic approach by the perpetrators. Despite the restoration of services at the time of writing, the rail operator’s websites still experience intermittent accessibility problems.
Uncertain Origins of the Cyberattack
The origin and motives behind the attack remain unclear as Deutsche Bahn refrains from commenting on potential perpetrators. Historically, similar attacks have targeted German transportation and critical infrastructure, often claimed by pro-Russian hacktivist groups like Killnet and NoName057(16).
Such DDoS attacks can serve various purposes: drawing attention to political causes or extorting organizations with ransom demands. Additionally, they may act as diversions for more covert operations, such as malware deployment or data theft.
Growing Power of DDoS Attacks
DDoS attacks have evolved in potency, with new records frequently surpassed. The largest attack recorded by volume occurred in late 2025, with Cloudflare observing a peak of 31.4 terabits per second (Tbps). This trend underscores the increasing threat posed by these cyber assaults to organizations worldwide.
As Deutsche Bahn navigates the aftermath of this disruption, the incident highlights the ongoing vulnerability of critical infrastructure to cyber threats. It underscores the need for robust cybersecurity measures to protect against future attacks and ensure operational resilience.
