Germany's national railway operator Deutsche Bahn fell victim to a massive DDoS attack that paralyzed its websites and mobile app for two days. The disruptions primarily affected ticket sales systems and timetable information. Although the situation has been stabilized, experts point to the involvement of groups linked to Russia, and the incident is being treated as part of a broader campaign targeting the critical infrastructure of NATO member states.

Massive DDoS Attack

Deutsche Bahn systems were paralyzed by intentionally caused network traffic overload, preventing passengers from purchasing tickets and checking timetables.

Suspicion of Russian Involvement

Experts and media point to Russian hacker groups as the perpetrators of the attack, which is believed to be part of a broader campaign against NATO countries.

Customer Data Security

The operator assured that despite the failure of access systems, there was no leakage or theft of passenger personal data.

Germany's national railway Deutsche Bahn (DB) faced a powerful strike against its digital infrastructure. The attack began on Tuesday, February 17, 2026, and continued in successive waves throughout Wednesday. The attackers' main target was DDoS systems, which effectively disabled the bahn.de website and the popular DB Navigator app. Passengers across the country were deprived of the ability to purchase tickets online and check current connections, causing significant communication chaos at stations. DB representatives and federal security services emphasize that despite the enormous scale of the operation, passenger data remained secure. Claudia Plattner, head of the BSI, described the attack as "exceptionally broadband" and requiring advanced coordination. Although official government channels remain restrained regarding attribution, security experts and numerous media sources point to traces leading to Russian hacker groups. This incident is not isolated but constitutes part of a larger hybrid campaign aimed at destabilizing Western nations. Since the beginning of the Russian invasion of Ukraine in 2022, European countries have recorded a sharp increase in attacks on critical infrastructure, including transport and energy, as part of so-called hybrid warfare. The situation on Thursday, February 19, improved significantly. Systems were stabilized, and the operator's defense mechanisms allowed for the restoration of full service functionality. Nevertheless, services remain on high alert, fearing further strikes. Experts note that such actions aim not only at economic damage but primarily at creating a sense of uncertainty in society by targeting critical infrastructure, on which the daily functioning of millions of citizens depends. „The situation appears to be under control, although we are of course remaining vigilant, as attacks of this kind often return in successive waves.” — Claudia Plattner 48 hours — intense disruptions lasted in Deutsche Bahn's IT systems Timeline of the Cyberattack on the Railway: February 17, noon — ; February 18, morning — ; February 18, afternoon — ; February 19, morning —

Emphasizes the need for European solidarity and investment in digital security shields against Russian hybrid aggression. | Focuses on gaps in national infrastructure and criticizes the government for insufficient protection of strategic facilities.

Mentioned People

  • Claudia Plattner — President of the Federal Office for Information Security (BSI).
  • Jan Lemnitzer — Cybersecurity expert commenting on the political background of the attack.