Between 2010 and 2015, Volkswagen fell victim to a large-scale cyberattack allegedly carried out by Chinese state hackers, ZDF Frontal and Spiegel both reported. Both outlets have internal VW documents detailing the extent of the data theft.
The attackers were able to penetrate deeply into the IT systems of Volkswagen, Audi and Bentley on several occasions. A total of about 19,000 confidential files are said to have been stolen. According to ZDF Frontal, the attackers were primarily after information on drive technologies such as gasoline engines, transmissions and dual clutches, but also on future areas such as electric mobility and fuel cells. An expert familiar with the case told Der Spiegel that the attackers were also interested in transmission control software and technical manuals for programming live transmissions.
Volkswagen confirmed the incident to the media, but pointed out that it happened ten years ago and that IT security has been significantly expanded since then. The cyber spies had already begun analyzing Volkswagen's IT infrastructure in 2010 in order to find potential vulnerabilities through which to penetrate it. They succeeded after only one year. Between 2011 and 2014, there were frequent data outflows, internal documents show, according to ZDF Frontal and Spiegel.
Traces lead to China
The company did not want to comment on the alleged perpetrators. However, according to the reports, cybersecurity experts see clear evidence of an attack from China. IP addresses led as far as Beijing, close to Chinese military intelligence. The spyware used, such as “PlugX” and “China Chopper”, as well as the behavior of the hackers, who appear to have kept normal working hours, also point to Chinese state hackers. The Chinese embassy in Berlin rejected these accusations, describing them as “outrageous.”
Volkswagen noticed the attack on June 3, 2014, when the hackers made a mistake. A team of Volkswagen experts monitored the activities for several months before launching a counterattack on April 24, 2015. One weekend, when it was lockdown time in China, VW shut down large parts of its network and deleted data on more than 90 servers.
Businesses and critical infrastructure in the crosshairs
German companies are frequently subject to cyberattacks. Only recently, data from Thyssenkrupp's automotive division and customer data from KaDeWe were compromised. The attack on KaDeWe in November 2023 exposed details of thousands of customers and employees. The stolen data, including internal financial information, was later published on the dark web. The traces do not always lead to China; attacks are often attributed to professional cybercriminals from Russia.
Last February, the American security authorities and their allies warned about the Chinese hacker group “Volt Typhoon,” which has been infiltrating critical American infrastructure in the fields of communications, energy, transportation, and water for years. This group exploits vulnerabilities in network devices to gain persistent access and prepare for potentially destructive actions. Particular emphasis is placed on the need to quickly close vulnerabilities and harden systems to reduce the attack surface.
(Fazza)