Cyberattack on CDU: Investigation Now with the Federal Public Prosecutor General
The Federal Public Prosecutor General has taken over the case of the zero-day vulnerability in Check Point software that was used to access CDU infrastructure.
The case alarmed more than just the Christian Democratic Union of Germany (CDU): in May 2024, shortly before the European elections, attackers exploited a zero-day vulnerability in the Check Point systems that secure access to the party's internal network, thereby gaining access to internal documents and data. The proceedings have now changed jurisdiction, as the Federal Public Prosecutor General in Karlsruhe first confirmed to dpa. Until now, the authorities in North Rhine-Westphalia had led the investigation. However, the Federal Public Prosecutor General and his staff can take over proceedings if there is suspicion that the democratic constitutional state is being endangered, for instance through espionage or sabotage.
Citing the ongoing investigation, the Federal Public Prosecutor General declined to tell heise online whether the proceedings now taken over concern only the CDU case or also other companies and organizations affected by exploitation of the vulnerability. The exploited vulnerability had affected not only the CDU but also companies from a wide range of critical infrastructure sectors. The extent to which these were also specifically attacked is not publicly known.
Perimeter Systems Continue to Be an Entry Point
Following the incident early last summer, the Federal Office for Information Security publicly warned users to install patches urgently. The authority's annual report again contained a clear warning about attacks on perimeter systems such as firewalls. "In the case of zero-day exploits, possible protective measures are usually limited, but it shows that firewall operators were less frequently affected by attacks when management access was restricted to trusted sources," the report states. At the CDU, confidence in the security measures taken was reportedly strong until the hack occurred.
Should further investigations reveal a state or state-affiliated actor, which can be considered at least probable after the takeover by the Federal Public Prosecutor General, prosecution is almost impossible. In comparable cases, however, political pressure has been significantly increased, for example when the previous federal government publicly attributed the 2022 SPD hack to the Russian military intelligence service GRU in early May 2024.
(mki)