Cyberattack on CDU reportedly exploited vulnerability in Check Point Gateway

According to insiders, a recently closed vulnerability in Check Point's network security products made the attack on CDU possible.

Facade detail of the CDU party headquarters in Berlin with the party logo.

CDU party headquarters in Berlin

(Image: Shutterstock/Electric Egg)

This article was originally published in German and has been automatically translated.

According to well-informed circles, the cyberattack on the CDU party headquarters that became known on Friday was carried out by exploiting a vulnerability in Check Point Network Security Gateways. When asked by heise online on Monday, the CDU did not comment on the status of the investigation.

At the end of May, Check Point released a fix for the vulnerability, tracked as CVE-2024-24919 and rated critical. According to Check Point, attackers targeted security gateways through remote access accounts that were protected only by a password, and used the compromised gateway as a foothold to penetrate further into the victims' networks. The vulnerability was already being actively exploited in the wild.

According to people familiar with the matter, the CDU party headquarters is among the organisations affected. In combination with a phishing attack, exploitation of the vulnerability led to the incidents at the CDU reported on Saturday.

The Federal Office for the Protection of the Constitution, which was also involved, is not commenting further on the incident at this time. The parties, the Bundestag and the parliamentary group leaders were informed by the authority responsible for counterintelligence about possible additional security precautions.

As the Federal Ministry of the Interior explained in Berlin at midday, this was a "serious attack". The manner in which it was carried out pointed to a professional actor. Similar attempts are also said to have been made against parliamentary groups and other parties, but probably without success.

The incident also caused considerable concern because the hack became known just one week before the European elections. In the run-up to the elections, security experts had repeatedly warned of short-notice "hack and leak" campaigns: information obtained this way can be taken out of context and used for propaganda purposes, and it would be almost impossible to refute it effectively before election day.

Whether this was the attackers' goal with the CDU systems is currently unknown, as is who was behind the attack. A linguistically clumsy spear-phishing attack on the CDU in February was attributed to the APT29 group, which is linked to the Russian foreign intelligence service SVR. The attack on the SPD at the turn of the year 2022/23 was officially attributed by the German government to APT28, a group linked to the Russian military intelligence service GRU.

(nie)