ITZ Bund: Cyber attack on federal IT service providers

According to the BR and the Tagesschau, there were cyber attacks on three IT service providers of the ITZ Bund, which is responsible for 200 federal and state authorities, by the end of April. The attacks “very likely” leaked large amounts of e-mail communication and probably also personal data. Now the picture is clear as to why exactly the external service providers Materna, Init and adesso were attacked.

The federal IT service provider ITZ Bund (Information Technology Center Bund) has not published any official report on the cyber attacks to date. However, BR or Tagesschau apparently has a message from ITZ Bund from the end of April warning about the attacks. It describes the attacks, their scope and the loot.

The cyber thieves are said to have captured a large number of e-mails. Personal data, telephone numbers and offices are probably also included. Information about current projects and sometimes entire email histories also ended up with the attackers through attached documents. It is unclear how many e-mails the attackers were able to capture and which department the information came from, because the ITZ Bund is an IT service provider for 200 federal and state authorities.

Sensitive information in captured emails

According to BR and Tagesschau, the ITZ Bund also warns of further attacks in the letter, since the emails also contain sensitive data. It cannot be ruled out that specific attacks could also start with the stolen e-mails and contacts. In addition, the ITZ Bund has already mentioned in writing that new attacks may already be underway using the information captured. In this way, the cyber attackers could perhaps get deeper into the network of the ITZ Bund and its service providers and capture even more information and undermine the security of the networks.

3 third-party IT service providers affected

ITZ Bund uses service providers for its services: it manages the data and access itself, but uses the infrastructure of other companies, namely adesso, Init and Materna. All of these companies reported cyber attacks and data loss in the last few weeks and months:

adesso: The company detected the attack in January 2023. Specialists determined that the attackers had had unauthorized and unnoticed access to the adesso network since the end of May 2022.

Materna: The international IT service provider Materna was already the victim of a cyber attack on March 25. What exactly happened at the end of March at the IT consultancy Materna SE from Dortmund, with annual sales of around 400 million, can only be guessed at. The company said it had become the target of a professionally crafted network-level cyber attack.

Init: According to BR, the attack on the IT company Init has been known since the end of April. The company has confirmed the cyber attack at BR's request, but says nothing about it on its website. Among the Init customers are the Federal Ministries of the Interior and the Economy. Further investigations are probably still ongoing.

The BR further reports that the ITZ Bund is also in contact with the BSI and has received the following comment: "Immediately after the cyber attacks became known in January, various security measures were initiated in consultation with the ITZ Bund to curb the spread of any malicious code."

Another DDoS attack on ITZ Bund

According to information from BR Recherche and BR Data, after the attacks on the service providers of the ITZ Bund, there was a DDoS attack on the network structures of the ITZ Bund. According to BR, the attack took place on February 16, 2023, and was referred to internally as a “major incident”, i.e. an IT emergency.

In a DDoS attack, the servers are meant to be overloaded and disrupted. While this type of attack does not penetrate a network, it often distracts from a second attack attempting infiltration. According to the letter available to the BR, the mass requests are said to have come from a non-EU country. But that was to be expected, since the attackers often use botnets for a DDoS attack.
