Cyber attacks – targeting federal IT service providers


exclusive

Status: 05/10/2023 09:07 am

Hackers have attacked IT companies working for federal agencies. According to BR information, the attackers were able to intercept large amounts of e-mail communication containing personal data.

By Claudia Gürkov, Arne Meyer-Fünffinger and Maximilian Zierer, BR

Unknown hackers have apparently spied on three German IT companies that work for federal ministries and authorities. This emerges from a warning letter from the Federal Information Technology Center (ITZ Bund) from the end of April, which is available to Bayerischer Rundfunk (BR).

It states that the attackers “very likely” were able to intercept large amounts of e-mail communication at the companies concerned. The e-mails contain personal data, telephone numbers and offices, but also current projects, e-mail histories and attached documents. According to its own statements, the ITZ Bund is an IT service provider for 200 federal and state authorities and itself works with the hacked companies.

Captured data may already be used for further attacks

In the letter, a member of the board of directors of the ITZ Bund warns employees of authorities that stolen e-mails and contacts could be used for highly specialized attacks. In such social engineering attacks, hackers use stolen information to inspire trust and thus obtain new, sensitive information or infiltrate networks.

The ITZ Bund writes: “There are indications that these attacks may have already begun.” There is a “high risk” that employees will inadvertently pass on confidential documents or allow attackers to feed data and code into the systems of the ITZ Bund. In response to a BR inquiry, the ITZ Bund does not want to comment and refers to the companies concerned.


Companies confirm attacks

According to the warning letter, the first attack – on the Dortmund IT company Adesso – became known in January 2023. According to its own statements, its customers include the Federal Ministry of the Interior, the Federal Ministry of Transport and the North Rhine-Westphalian Ministry of Economic Affairs. Adesso writes on its website that external IT security experts found out that the unknown hackers had access to the company networks as early as May 2022.

In March 2023 it became known that the Dortmund-based company Materna was also affected. Its customers include customs, the Robert Koch Institute and the Autobahn GmbH des Bundes. On request, Materna writes that it has not yet been possible to determine that e-mail communication, especially that with federal authorities, has been lost. According to the IT company, the North Rhine-Westphalian State Criminal Police Office is investigating.

The third attack, which has been known since the end of April, affected the Berlin company Init. Its customers include the Federal Ministries of the Interior and Economics. Init confirmed the cyber attack in response to a BR inquiry. Affected customers have been informed, and the clarification is still ongoing. The Berlin State Criminal Police Office (LKA Berlin) is investigating.

Ministries reassure, expert warns

In response to a BR inquiry, the Federal Ministry of the Interior says that there is currently no immediate threat to the IT security of the federal administration. This is also the assessment of the Federal Office for Information Security (BSI).

The Federal Ministry of Finance, to which the ITZ Bund reports, writes that the investigations are ongoing. And: “Immediately after the cyber attacks became known in January, various security measures were initiated in consultation with the ITZ Bund to curb the spread of any malicious code.”

Andreas Rohr is an IT security expert and Managing Director of the German Cyber Security Organization (DCSO). He advises taking the warning sent out by the ITZ Bund seriously. Finding out who is behind an attack is very difficult, he says: all state-controlled hacker groups have now learned to lay false trails. “If you look at the fact that the ITZ Bund or authorities are the target, you would actually very likely assume an intelligence background.”

Security circles say it is not yet clear who the attackers are. A person familiar with the process assumes that the three attacks are related. Type and execution pointed to a state-controlled background.

DDoS attack on structures of the ITZ Bund

Another incident on February 16, 2023, which is referred to internally as a “major incident”, i.e. an IT emergency, shows that the structures of the ITZ Bund are also being targeted by attackers. A corresponding paper is available to BR Research and BR Data. According to it, “various customers” of the ITZ Bund were the target of a DDoS attack, including the Federal Intelligence Service, several federal ministries, the Federal Central Tax Office and the Federal Office for Information Security.

In such attacks, attackers try to overload networks with a large number of server requests in order to trigger temporary disruptions. According to the letter, the mass requests are said to have come from a non-EU country. In response to a BR inquiry, the ITZ Bund does not comment on this and refers to ongoing investigations.

Members of parliament complain about poor IT security policy

Konstantin von Notz (Greens), chairman of the parliamentary control committee that oversees the intelligence services, is alarmed by the cyber attacks on the three IT service providers. He says these are high-quality attacks and that hackers could access security-relevant information in this area. In his view, authorities in Germany are not well positioned to protect critical infrastructure.

Anke Domscheit-Berg, spokeswoman for Internet policy for the Left Party in the Bundestag, calls on the federal government to take such attacks more seriously. “Sending the general signal that nothing happened is not a good idea at the moment when we have so many risks.”
