Unlock the Editor’s Digest for free
Roula Khalaf, Editor of the FT, selects her favourite stories in this weekly newsletter.
Germany has blamed China for a “serious” cyber attack in 2021 on its government agency for precision mapping, which potentially exposed sensitive information vital to protecting critical infrastructure.
German interior minister Nancy Faeser on Wednesday condemned the Chinese state actors responsible “in the strongest possible terms”.
The German foreign office summoned the Chinese ambassador in Berlin for a formal complaint.
The findings come after a three-year long inquiry by German security authorities into who was behind the malware that compromised the systems of the Federal Office for Cartography and Geodesy (BKG).
Independent cyber security experts in 2021 had pointed to Beijing’s likely involvement, identifying the digital fingerprints of groups known as APT15 and APT31 — both known to be sophisticated, established hacking groups run directly by the Chinese Ministry of State Security.
The German government tasked its intelligence services with producing a definitive attribution of responsibility.
“This serious cyber attack on a federal authority shows how great the danger posed by Chinese cyber attacks and espionage is,” said Faeser, announcing the conclusion of that process. “These cyber attacks threaten the digital sovereignty of Germany and Europe.”
The BKG, itself a part of the interior ministry, collects precision data about “the properties and position of every point on the surface of [the] country,” according to its website.
Its data systems are linked to many pieces of critical national infrastructure. After the attack was discovered, German security authorities worked to purge the BKG’s systems of Chinese intruders. The agency says it now believes its databases to be completely secure.
The accusations against Beijing come just weeks after the German government agreed a plan with telecommunications companies to strip Chinese technology from the country’s 5G networks over security concerns.
But the question of how best to respond to China’s aggressive espionage and cyber actions, while also seeking to preserve trade relations, has become an increasingly divisive topic for Germany’s ruling coalition government.
Chancellor Olaf Scholz has favoured a softer approach towards the country’s largest trading partner despite mounting criticism from many of his ministers over what they see as urgent security risks going unaddressed as a result.
In its annual security report released last month, Germany’s domestic intelligence service, the Federal Office for the Protection of the Constitution (BfV) warned that Chinese cyber attacks against German interests would “intensify” in the coming years.
China is pursuing “an offensive cyber strategy” aimed at stealing valuable corporate intellectual property, the agency warned. It also said Beijing was increasingly targeting IT and other service providers that work with government agencies as “gateways” for a new generation of more sophisticated hacking attempts.
“The approach of [Chinese] cyber security espionage actors underwent a significant qualitative and quantitative development, enabling a previously unseen reach and effectiveness to be achieved,” the BfV said in its report.
Read the full article here