According to the BR and the Tagesschau, there were cyber attacks on three IT service providers of the ITZ Bund, which is responsible for 200 federal and state authorities, by the end of April. The attacks “very likely” leaked large amounts of e-mail communication and probably also personal data. Now the picture is clear as to why exactly the external service providers Materna, Init and adesso were attacked.
The federal IT service provider ITZ Bund (Information Technology Center Bund) has not published any official report on the cyber attacks to date. To the BR or the Tagesschau there is probably a message from the Federal Information Technology Center (ITZ Bund) from the end of April with a warning about the attacks. It describes the attacks, their scope and the loot.
The cyber thieves are said to have captured a large number of e-mails. Personal data, telephone numbers and offices are probably also included. Information about current projects and sometimes entire email histories also ended up with the attackers through attached documents. It is unclear how many e-mails the attackers were able to capture and which department the information came from, because the ITZ Bund is an IT service provider for 200 federal and state authorities.
Sensitive information in captured emails
According to BR and Tagesschau, the ITZ Bund also warns of further attacks in the letter, since the emails also contain sensitive data. It cannot be ruled out that specific attacks could also start with the stolen e-mails and contacts. In addition, the ITZ Bund has already mentioned in writing that new attacks may already be underway using the information captured. In this way, the cyber attackers could perhaps get deeper into the network of the ITZ Bund and its service providers and capture even more information and undermine the security of the networks.
3 third-party IT service providers affected
ITZ Bund uses service providers for its services. Because ITZ Bund manages the data and access, but uses the infrastructure of other companies: adesso, Init and Materna. All of these companies reported cyber attacks and data loss in the last few weeks and months:
now: Detected the attack in January 2023. Specialists determined that the attackers had been gaining unauthorized and unnoticed access to the adesso network since the end of May 2022.
Maternal: The international IT service provider Materna was already the victim of a cyber attack on March 25. What exactly happened at the end of March at the IT consultancy Materna SE from Dortmund, with annual sales of around 400 million, can only be guessed at. The company said it had become the target of a professionally crafted network-level cyber attack.
Heat: According to BR, the attack on the IT company Init has been known since the end of April. The company has confirmed the cyber attack at BR's request. But says nothing about it on his website. Among the Init customers are the Federal Ministries of the Interior and the Economy. Further investigations are probably still ongoing.
The BR further reports that the ITZ Bund is also in contact with the BSI and has received the following comment: "Immediately after the cyber attacks became known in January, various security measures were initiated in consultation with the ITZ Bund to curb the spread of any malicious code."
Another DDoS attack on ITZ Bund
According to information from BR Recherche and BR Data, after the attacks on the service providers of the ITZ Bund, there was a DDoS attack on the network structures of the ITZ Bund. According to BR, the attack took place on February 16, 2023, which was referred to internally as a “major incident”, i.e. an IT emergency.
During the DDoS attack, the servers are intended to be overloaded and disrupted. While this type of attack does not penetrate a network, it often distracts from a second attack attempting infiltration. According to the letter available to the BR, the mass inquiries should come from a non-EU country. But that was to be expected, since the attackers often use botnets for a DDoS attack.