Minnesota activates National Guard following major cyberattack on St. Paul

Minnesota Governor Tim Walz has activated the state’s National Guard in response to a significant and ongoing cyberattack targeting the city of St. Paul. The executive order, issued Tuesday, took immediate effect and mobilized the Guard’s cyber protection teams to assist in managing the crisis, which has severely disrupted the city’s digital infrastructure.

The attack began Friday and was initially detected as suspicious activity. Investigations quickly revealed it to be a coordinated cyberattack executed by what city officials describe as a “sophisticated external actor.” The breach prompted the city to declare a state of emergency, citing the scale and complexity of the incident as beyond the capabilities of local IT staff.

Governor Walz emphasized the urgency and seriousness of the situation. “We are committed to working alongside the City of Saint Paul to restore cybersecurity as quickly as possible,” he said in a statement. “The Minnesota National Guard’s cyber forces will collaborate with city, state, and federal officials to resolve the situation and mitigate lasting impacts. Above all, we are committed to protecting the safety and security of the people of Saint Paul.”

St. Paul Mayor Melvin Carter confirmed the attack was not due to a technical failure but rather a calculated effort to infiltrate the city’s systems. “This was a deliberate, coordinated digital attack carried out by a sophisticated external actor intentionally and criminally targeting our city’s information infrastructure,” Carter said during a press briefing.

As a precautionary measure, the city shut down a wide range of internal systems and online services on Monday. While emergency services such as 911 and certain essential operations remain functional, access to various public-facing platforms, including Wi-Fi in city buildings and the library’s collections system, has been suspended. A city spokesperson clarified that the shutdown was initiated as a defensive response to contain the breach.

To support the response, St. Paul has activated its emergency operations center and enlisted two private cybersecurity firms to work alongside federal agencies, including the FBI, which is leading the investigation.

City officials stressed that the compromised systems are limited to municipal operations and do not include residential data unless users are employed by the city. Nevertheless, employees and others with city-linked accounts are being advised to remain vigilant for signs of data misuse.