City of St. Paul (Minnesota, USA)

The City of St. Paul experienced a **deliberate, coordinated cyber attack** starting Friday, leading to a **complete shutdown of its Wi-Fi and Internet-based systems**, including public terminals in libraries and key networks at City Hall. The breach, treated as a **criminal matter**, prompted involvement from the **FBI, Minnesota National Guard’s cybersecurity experts**, and a hired national cybersecurity firm for forensic investigation. While **no ransom demand was reported**, the attack disrupted **most city services** (excluding 911 and public safety operations), forced **VPN access restrictions**, and left officials uncertain about **what data, if any, was stolen**. The city declared a **state of local emergency**, deactivated affected accounts, and initiated a **precautionary network shutdown** to contain the incident. The attack’s origin was traced to **city servers**, with containment actions taken to mitigate risks. Recovery efforts remain ongoing, with **no timeline for full restoration**, severely impacting municipal operations, payroll processing, and public digital services. The incident underscores the **vulnerability of government infrastructure** to sophisticated cyber threats, though Ramsey County’s systems remained unaffected.

Source: https://www.govtech.com/security/national-guard-activated-as-cyber-attack-hits-st-paul-minn

TPRM report: https://www.rankiteo.com/company/city-of-saint-paul

"id": "cit842090225",
"linkid": "city-of-saint-paul",
"type": "Cyber Attack",
"date": "7/2025",
"severity": "100",
"impact": "6",
"explanation": "Attack threatening the economy of geographical region"
{'affected_entities': [{'customers_affected': 'Residents and users of city '
                                              'services (e.g., libraries, rec '
                                              'centers, online systems)',
                        'industry': 'Public Administration',
                        'location': 'St. Paul, Minnesota, USA',
                        'name': 'City of St. Paul, Minnesota',
                        'type': 'Local Government'}],
 'attack_vector': ['Sophisticated external actor',
                   'Active digital security incident originating from city '
                   'servers'],
 'customer_advisories': 'Libraries and rec centers remain open without '
                        'Internet access',
 'data_breach': {'data_encryption': 'VPN used for encrypted connections '
                                    '(disabled during incident)'},
 'date_detected': '2023-XX-XX (Friday, exact date not specified in article)',
 'date_publicly_disclosed': '2023-XX-XX (Tuesday, exact date not specified; '
                            "mayor's press conference)",
 'description': "A sophisticated, coordinated cyber attack on St. Paul's "
                'Internet-based computer networks led to a precautionary '
                "'complete network shutdown' of Wi-Fi and Internet-based "
                'systems, including public terminals in libraries and key '
                'networks at City Hall. The attack prompted a state of local '
                'emergency declaration, involvement of the FBI, and assistance '
                "from the Minnesota National Guard's cybersecurity experts. "
                'Most city services (except 911 and public safety operations) '
                'remain offline, with no confirmed ransom demands or data '
                'theft details yet disclosed.',
 'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
                                       'service disruptions and emergency '
                                       'declaration',
            'downtime': 'Ongoing as of Tuesday (article date); most city '
                        'services inoperable except 911/public safety',
            'operational_impact': ['Complete network shutdown',
                                   'City services (excluding 911) offline',
                                   'Libraries and rec centers open without '
                                   'Internet',
                                   'Payroll concerns for city labor unions',
                                   'Disabled VPN access (except law '
                                   'enforcement/public safety)'],
            'systems_affected': ['Wi-Fi and Internet-based systems citywide',
                                 'Public computer terminals in St. Paul '
                                 'libraries',
                                 'Key networks at City Hall',
                                 'VPN access (disabled for most users)',
                                 'Internet-based and Wi-Fi-enabled systems']},
 'initial_access_broker': {'entry_point': 'City servers (internal origin of '
                                          'breach)'},
 'investigation_status': 'Ongoing; led by FBI and national cybersecurity '
                         'experts',
 'ransomware': {'ransom_demanded': "No ransom request reported (as of mayor's "
                                   'statement)'},
 'references': [{'source': 'Twin Cities News (TNS)'}],
 'response': {'communication_strategy': ["Mayor's press conference (Tuesday)",
                                         'State of local emergency declaration',
                                         'Calls with labor union leaders to '
                                         'address concerns (e.g., payroll)',
                                         'Public statements from Office of '
                                         'Technology and Communications'],
              'containment_measures': ['Deactivated affected accounts',
                                       'Disabled VPN access (except for law '
                                       'enforcement/public safety)',
                                       'Complete network shutdown (proactive)',
                                       'Endpoint Detection and Response (EDR) '
                                       'system alerts'],
              'enhanced_monitoring': "EDR system ('force field' analogy for "
                                     'detection)',
              'incident_response_plan_activated': True,
              'law_enforcement_notified': True,
              'remediation_measures': ['Advanced forensic investigation',
                                       'Strategic response planning'],
              'third_party_assistance': ['National cybersecurity firm (hired '
                                         'for forensic investigation)',
                                         'FBI',
                                         'Minnesota National Guard '
                                         'cybersecurity experts']},
 'stakeholder_advisories': ["Mayor's call with labor union leaders (payroll "
                            'concerns)',
                            'Ramsey County monitoring situation (no direct '
                            'impact)'],
 'threat_actor': 'Sophisticated external actor (unknown affiliation; treated '
                 'as criminal matter)',
 'title': 'St. Paul City Government Cyber Attack and Complete Network Shutdown',
 'type': ['Cyber Attack', 'Data Breach', 'Network Intrusion']}