German national rail operator Deutsche Bahn has fallen victim to a large-scale DDoS cyberattack. The assault, which began on Tuesday, February 17 and continued in waves over the following days, paralyzed information systems and ticket sales via the app and website. While passenger data remained secure, the incident caused significant travel disruptions across Germany. Experts point to possible links between the perpetrators and pro-Russian groups.
Targeted DDoS Attack
Deutsche Bahn systems were overloaded by massive traffic generated by hackers, preventing ticket purchases and connection checks from February 17.
Pro-Russian Trail in Investigation
German services and experts are investigating links to Russian cyber sabotage groups that are conducting a campaign against North Atlantic Alliance countries.
Stabilization of DB Systems
After two days of IT battles, on February 19, DB Navigator systems and the bahn.de website returned to normal, and customer data was not compromised.
German state railway Deutsche Bahn (DB) is grappling with the aftermath of a massive strike against its IT infrastructure. Problems began on Tuesday, February 17, 2026, when passengers lost the ability to book tickets and check current timetables. The carrier confirmed it was the target of a DDoS attack of "considerable magnitude," which was carried out in multiple waves. The main strike targeted the bahn.de portal and the popular mobile app DB Navigator. Despite the technical chaos, company representatives assured that defense mechanisms worked correctly where sensitive customer data was concerned, and no data leaked. The situation was dynamic, with systems repeatedly stabilized and then control lost again. According to reports from the Federal Office for Information Security (BSI), this was an operation of unusual bandwidth, suggesting the involvement of advanced hacker groups. Although official government statements are reserved regarding attribution, media and some cybersecurity experts, such as Jan Lemnitzer, point to Russian traces. This attack is interpreted as part of a broader campaign targeting the critical infrastructure of NATO countries. Since 2022, German transport and energy infrastructure has been consistently targeted by hacker groups linked to the Russian Federation, following Berlin's support for Ukraine. The largest digital paralysis of German railways to date occurred in October 2022, when communication cables were sabotaged. On Wednesday, February 18, systems began returning to full functionality, although Deutsche Bahn remains on high alert. Experts emphasize that the incident exposed the vulnerability of digital systems on which the daily mobility of millions depends. „It is a very early stage to present final results of the investigation into the origin of this attack.” — Spokesperson for the Federal Ministry of the Interior The carrier is closely cooperating with law enforcement to secure the network against further shockwaves that may occur in the coming days. 2026-02-17T12:00: 45, 2026-02-17T16:00: 240, 2026-02-18T08:00: 120, 2026-02-18T14:00: 30 48 hours — massive attacks on the digital infrastructure of German railways lasted
Mentioned People
- Jan Lemnitzer — Cybersecurity expert commenting on the scale of the campaign against NATO countries