The federal government has officially blamed state authorities in the People’s Republic of China for an intrusion into the network of the Federal Office of Cartography and Geodesy (BKG) in 2021. She speaks of a “serious cyber incident”. The Chinese ambassador was summoned to the Foreign Office for the first time since the Tiananmen Square massacre in 1989. A Foreign Office spokesman announced this in Berlin on Wednesday afternoon. The incident first became known to the wider public in 2023, and the official division of blame continued thereafter.
Advertisement
In 2021, attackers managed to break into the network of the federal office responsible for geodata and reference data. The Federal Ministry of the Interior (BMI) says the aim of the attackers was to conduct espionage against public bodies. In Germany, the Federal Office for the Protection of the Constitution (BfV) and the Federal Office for Information Security (BSI) were formally involved in apprehending the criminal.
The attackers used small equipment to conceal themselves
The 400 employees of the BKG are responsible for creating and providing all kinds of geodata within the Federal Ministry of the Interior. They are responsible for measuring the Federal Republic in the form of coordinates, coordinating data from the federal states and providing GIS data and 3D terrain models. The BKG is also the operator of geoportal.dethe official geodata portal of the Federal Republic. Foreign Office spokesman Sebastian Fischer pointed out that the BKG also serves an important function for numerous private sector bodies in the field of critical infrastructure.
According to BMI, the attackers entered the network using obfuscation mechanisms using end devices for home use (SOHO) and compromised various types of end devices. This should make it clear that the attacking group was APT15: this group is also known as Vixen Panda, Mirage, Playful Dargon or Cylon Typhoon, which is credited with precisely this approach, the BfV already had extensive information about this actor and its approach; in 2023 cautioned,
The federal government is now repeatedly naming those responsible
Attributing authorship in cyber attacks is politically and diplomatically delicate. The current federal government is now increasingly using it as a means to publicly put pressure on state or state-tolerated actors and their supporters. A few weeks ago, the Foreign Office officially attributed the attack on the SPD and various KRITIS operators in 2022 to state-affiliated actors from the Russian Federation.
Today’s attribution is special because it is the first time that official Chinese authorities have been held directly responsible. And this is in a case in which a government agency was attacked. While espionage, such as the case that has now been made public, is not generally prohibited in terms of international law, the limits of the prohibition of force in the UN Charter may be exceeded in the case of sabotage by state actors.
The formal protest that the Foreign Ministry has now addressed to the People’s Republic’s ambassador in Berlin is also reflected in a statement by Federal Interior Minister Nancy Feser (SPD), who is responsible for counterintelligence: “We call on China to refrain from carrying out such cyber attacks. These cyber attacks endanger the digital sovereignty of Germany and Europe.” The federal government is resolutely countering these threats and has significantly increased security. In this context, Feser referred to the NIS2 implementation law, which passed in the cabinet last week after more than a year of internal government discussions.
(Application)
