Deutsche Bahn, Germany’s national rail operator, has been dealing with a large-scale distributed denial-of-service (DDoS) attack that has disrupted some of its IT systems.
Regular status updates from Deutsche Bahn indicated that the attack began on February 17 and continued into February 18.
According to the rail giant, the attack came in waves and its scale is substantial. The DDoS attack disrupted Deutsche Bahn’s information and ticketing systems, including its websites and the DB Navigator app.
At the time of writing Deutsche Bahn is no longer reporting any disruptions, but the organization’s websites still appear to be intermittently inaccessible.
It’s unclear who is behind the attack and what their motivation is. Deutsche Bahn said it would not comment on the matter.
However, it’s worth noting that in the past years German transportation and other critical infrastructure organizations have been targeted with DDoS attacks by threat actors claiming to be pro-Russian hacktivists, including the groups named Killnet and NoName057(16).
DDoS attacks can serve various purposes. Hackers can use them to draw attention to their cause and, in profit-driven operations, threaten victims with highly disruptive attacks if they don’t pay a ransom.
Such attacks can also be used by cybercrime gangs and state-sponsored groups to conceal more sophisticated activities, such as malware deployment or data theft.
DDoS attacks have become increasingly powerful, with new records set regularly. The largest attack to date by volume was observed by Cloudflare in late 2025, peaking at 31.4 Tbps.
Related: UK Train Operator LNER Warns Customers of Data Breach
Related: Aisuru Botnet Powers Record DDoS Attack Peaking at 29 Tbps
Related: Train Brakes Can Be Hacked Over Radio—And the Industry Knew for 20 Years
Related: ShadowV2 DDoS Service Lets Customers Self-Manage Attacks
