ITZ Bund: Cyber attack on federal IT service providers


According to the BR and the Tagesschau, by the end of April there had been cyber attacks on three IT service providers of the ITZ Bund, which is responsible for 200 federal and state authorities. In the attacks, large amounts of e-mail communication and probably also personal data were “very likely” leaked. Now the picture is clear as to why exactly the external service providers Materna, Init and adesso were attacked.

The federal IT service provider ITZ Bund (Information Technology Center Bund) has not published any official report on the cyber attacks to date. The BR or the Tagesschau apparently has a message from the ITZ Bund from the end of April warning about the attacks. It describes the attacks, their scope and the loot.

The cyber thieves are said to have captured a large number of e-mails. Personal data, telephone numbers and offices are probably also included. Information about current projects and sometimes entire email histories also ended up with the attackers through attached documents. It is unclear how many e-mails the attackers were able to capture and which department the information came from, because the ITZ Bund is an IT service provider for 200 federal and state authorities.

Sensitive information in captured emails

According to BR and Tagesschau, the ITZ Bund also warns of further attacks in the letter, since the e-mails also contain sensitive data. It cannot be ruled out that targeted attacks could be launched using the stolen e-mails and contacts. In addition, the ITZ Bund has already stated in writing that new attacks using the captured information may already be underway. In this way, the cyber attackers could perhaps get deeper into the network of the ITZ Bund and its service providers, capture even more information and undermine the security of the networks.

3 third-party IT service providers affected

ITZ Bund uses service providers for its services: it manages the data and access itself, but uses the infrastructure of other companies, namely adesso, Init and Materna. All of these companies reported cyber attacks and data loss in the last few weeks and months:

adesso: The company detected the attack in January 2023. Specialists determined that the attackers had been gaining unauthorized and unnoticed access to the adesso network since the end of May 2022.

Materna: The international IT service provider Materna was already the victim of a cyber attack on March 25. What exactly happened at the end of March at the IT consultancy Materna SE from Dortmund, with annual sales of around 400 million, can only be guessed at. The company said it had become the target of a professionally crafted network-level cyber attack.

Init: According to BR, the attack on the IT company Init has been known since the end of April. The company confirmed the cyber attack at BR's request, but says nothing about it on its website. Among the Init customers are the Federal Ministries of the Interior and the Economy. Further investigations are probably still ongoing.

The BR further reports that the ITZ Bund is also in contact with the BSI and has received the following comment: "Immediately after the cyber attacks became known in January, various security measures were initiated in consultation with the ITZ Bund to curb the spread of any malicious code."

Another DDoS attack on ITZ Bund

According to information from BR Recherche and BR Data, after the attacks on the service providers of the ITZ Bund, there was a DDoS attack on the network structures of the ITZ Bund. According to BR, the attack, which was referred to internally as a “major incident”, i.e. an IT emergency, took place on February 16, 2023.

A DDoS attack is intended to overload and disrupt servers. While this type of attack does not penetrate a network, it often distracts from a second attack attempting infiltration. According to the letter available to the BR, the mass requests are said to have come from a non-EU country. But that was to be expected, since attackers often use botnets for a DDoS attack.
