Weekly Backlog 43/2025

“When Tenders Time Out and AWS Gets the Hiccups”

Editorial

This week demonstrated how interconnected the modern world is—technically, economically, and politically. A DDoS attack on the federal procurement portal halted public tenders, an attack on F5 opened a window into the engine room of global network security, and AWS once again showed that “Multi-AZ” is not a backup plan.

Additionally: Saarland loses its digital flagship to Munich.

The Tech News of the Week

DDoS Cripples Federal Procurement Portal

For several days, the central federal procurement portal—the heart of public tenders—was inaccessible. The cause: a large-scale DDoS attack by the pro-Russian hacker group Noname057(16), which has been conducting coordinated overload attacks on European authorities, banks, and media for years.

The attack was executed via a botnet that directed millions of requests to the website in a short time, overloading the servers and blocking access to more than 30,000 ongoing tenders, including contracts for the Bundeswehr.

Companies were unable to submit new bids or view ongoing procedures. According to several IT service providers, deadlines for affected procedures must be extended—a process that costs administrative time and carries legal risks.

The group itself declared the attack a response to German arms deliveries to Ukraine, particularly Patriot systems. According to reports, Bavarian state portals, websites of the Saxony-Anhalt state parliament, and the local police were also affected.

The Federal Office for Information Security (BSI) confirmed the attack but emphasized that there are no indications of data leaks or system compromises. The Federal Ministry of the Interior referred to an “IT security incident” in coordination with other authorities.

The context is interesting: In July 2025, international investigators, including the Federal Criminal Police Office (BKA), dismantled a large server network of the group. Noname057(16) was considered weakened but is now making a targeted symbolic attack against Germany’s most visible administrative portal.

DDoS attacks are technically simple but operationally devastating if processes lack fallbacks. Government portals are rarely prepared for massive traffic load balancing; often, redundant access layers, geo-redundancy, and “graceful degradation” mechanisms are missing. A procurement portal is not just a website but a state platform with legally binding deadlines—and thus a perfect target for political sabotage.

The incident is less a technical problem than a structural one. Public IT must be not only secure but resilient. DDoS mitigation, cloud buffering, and automated deadline extensions should be part of every e-government system.

Read more: Golem – Cyberattack Cripples Federal Procurement Portal Süddeutsche Zeitung – Attack on Government Portals

Nation-State Attack on F5 Networks

F5 Networks, the manufacturer of the well-known BIG-IP appliances, has fallen victim to a sophisticated, presumably state-sponsored cyberattack. In a report to the US Securities and Exchange Commission (SEC), F5 confirmed that attackers gained access to internal systems and stole parts of the source code, configuration files, and documentation from product development.

According to F5, the stolen files include information on previously undisclosed vulnerabilities. Although there are no signs that these gaps have already been exploited, merely possessing the code accelerates potential exploit developments.

The US Cybersecurity and Infrastructure Security Agency (CISA) explicitly warned: Systems using F5 components are at risk because “embedded credentials, API keys, and internal protocols” could be misused to move laterally within networks or exfiltrate data.

F5 emphasized that there are no indications of manipulations to the software supply chain or the build system—a key point after the supply chain incidents at SolarWinds and CircleCI. NGINX, also part of the company, is reportedly unaffected according to independent auditors (NCC Group, IOActive).

The attack is part of a broader wave of targeted attacks on security providers themselves—following incidents at SonicWall and Cisco. The strategy is clear: Understanding security products allows them to be circumvented. A leak of the source code provides attackers with valuable knowledge about authentication processes, internal API endpoints, and security controls.

F5 has rotated all credentials, tightened internal access controls, and is offering affected customers a year of CrowdStrike Falcon EDR for free. Security researchers like Ilia Kolochenko (ImmuniWeb) warn that targeted attacks on F5 installations could now follow. Johannes Ullrich (SANS Institute) speaks of a “new wave of reverse engineering,” as stolen source code significantly accelerates vulnerability discovery.

The incident shows how deeply nation-state groups are targeting development processes today. Not the products themselves, but the creation mechanisms are the target. Those who build their security architecture on external components must understand their development and supply chains as part of their own attack surface.

Read more: CSOonline – Source Code and Vulnerability Info Stolen from F5 Networks

AWS Outage Cripples Global Services

On the night of October 20, 2025, one of the largest AWS outages of the year occurred. A malfunction in the DNS resolution of DynamoDB in the US-EAST-1 (North Virginia) region led to failures across the ecosystem: EC2, Lambda, RDS, ECS, Glue—and indirectly affected services like Signal, Atlassian, Docker, Apple services, and Perplexity AI.

Attempts to start new EC2 instances ended with “Insufficient Capacity Errors,” and AWS recommended not binding deployments to fixed Availability Zones. Even internal AWS support was temporarily limited, as ticket systems ran in the affected region.

The incident began at 00:11 CEST, with initial recovery visible by 11:30, and full restoration by 12:35. The cause was a defective DNS component in DynamoDB, whose malfunction cascaded to dependent services.

The issue illustrates a well-known weakness: DNS is a global single point of failure. When resolvers or caches are defective, horizontal scaling does not help.

Many applications are technically “multi-AZ” but practically single-region. Their dependencies—IAM, Parameter Store, Secrets Manager, KMS, CloudFormation—are implicitly tied to US-EAST-1. If this control plane fails, the entire deployment fails.

The cloud is resilient but not magical. Multi-region designs must be actively operated, tested, and regularly practiced—including failover, DNS cutover, and automatic rehydration.

Read more: heise online – AWS: Global Outage Due to DNS Error

CISPA Moves to Munich - Saarland Loses Ground

The Helmholtz Center for Information Security (CISPA) is shifting its innovation and startup focus to Munich. Officially, the reason is nationwide engagement. Behind the scenes, it is said that Saarland lacks the suitable infrastructure and dynamism that startups need.

The “Innovation Campus” in St. Ingbert was once planned as a flagship project for digital transformation. However, the plans have hardly become reality to date. Completion: earliest 2028. Meanwhile, the Munich environment is booming with UnternehmerTUM as Europe’s largest startup accelerator—over two billion euros of private capital flowed into tech startups there in 2024 alone.

The result: Startups from the CISPA environment will likely emerge in Bavaria in the future. What is being sold as nationwide expansion is a gradual innovation drain for Saarland.

Research alone does not create a digital future. Without an economic environment, capital, and administration that makes quick decisions, innovation moves to where it can breathe.

Read more: Saarbrücker Zeitung – CISPA Relocates Startup Activities to Bavaria

Tools, Trends & Open Source

The Germany Stack

Initiated by the Federal Ministry for Digital and State Modernization, the Germany Stack is an open reference architecture for modern, interoperable software development in administration and business. The goal: uniform, secure, and sovereign IT foundations—cloud-compatible, based on open standards, without proprietary dependencies.

It includes standards and technologies from integration (gRPC, REST, OpenAPI), AI (TensorFlow, PyTorch), persistence (PostgreSQL, MariaDB, MongoDB), security (TLS, JWT, IPsec), and orchestration (Kubernetes, Prometheus, OpenTelemetry).

ayedo demonstrates how this architecture can be operated in practice: With Managed Kubernetes, GitOps deployments (ArgoCD), Zero-Trust networks (Netbird), Observability (Grafana, Loki, VictoriaMetrics), and European hosting partners (IONOS, OVH, Scaleway, Exoscale).

Digital sovereignty does not mean hosting everything yourself, but maintaining control over data, standards, and operating models.

Read more: ayedo – The Germany Stack

Podcast / Event Recommendations

Podcast: Endless AI Hype?

Richard “Richy” Dittrich (Boerse Stuttgart Group) and Christian W. Röhl (Scalable Capital) discuss the AI boom in the markets: Why NVIDIA is the new leading currency of the stock exchange, how hyperscalers scale their AI investments, and why Europe’s role hangs between regulatory caution and investment gaps. A nuanced conversation about opportunities, exaggerations, and real substance in the AI market.

Spotify – Endless AI Hype?

GitLab Roadshow – DevSecOps in Practice

GitLab invites you to the DACH Roadshow: Case studies, AI workshops, co-creation sessions, and networking without sales slides. Topics: automated security scans, platform contribution, DevSecOps experiences from real projects. Free of charge, including lunch and direct exchange with experts.

Dates: Düsseldorf (28.10.), Berlin (02.12.), Vienna (04.12.)

Informatik Aktuell – GitLab Roadshow 2025

Opinion of the Week

Those who do not practice their failover mechanisms rely on hope—and hope is a lousy operational model.

In-Post of the Week

Sascha Pallenberg puts it succinctly: “The digital transformation is not a project with a start and end date, but a continuous process that requires constant adaptation and learning.”