Suspected Chinese industrial spies stole VW data on e-drive technology

Between 2010 and 2015, suspected Chinese cyber spies captured around 19,000 files on e-mobility and drive technologies from the Volkswagen Group.

This article was originally published in German and has been automatically translated.

Between 2010 and 2015, Volkswagen AG was the victim of a large-scale cyberattack by suspected Chinese state hackers, as reported by "ZDF frontal" and "Der Spiegel". Both media outlets have access to internal VW documents that illustrate the extent of the data theft.

The attackers succeeded in penetrating deep into the IT systems of VW, Audi and Bentley on several occasions. A total of around 19,000 confidential files are said to have been stolen. According to ZDF Frontal, the attackers primarily targeted information on drive technologies such as petrol engines, gearboxes and dual clutches, but also on future fields such as electromobility and fuel cells. An expert familiar with the case told Der Spiegel that the attackers were also interested in transmission control software and technical manuals for programming direct-shift transmissions.

VW confirmed the incident to the media, but emphasized that it happened ten years ago. Since then, IT security has been massively expanded. The cyber spies had already begun analyzing VW's IT infrastructure in 2010, looking for weak points through which to penetrate it. They succeeded just one year later. Between 2011 and 2014, there were repeated data leaks, as internal documents show, according to ZDF Frontal and Spiegel.

The company did not want to comment on the suspected perpetrators. However, cybersecurity experts see clear indications of an attack from China, according to the reports. For example, IP addresses led to Beijing, close to the Chinese military intelligence service. The espionage software used, such as "PlugX" and "China Chopper", as well as the behavior of the hackers, who apparently kept a regular working day, also point to Chinese state hackers. The Chinese embassy in Berlin rejected the accusations as "outrageous".

VW noticed the attack on June 3, 2014, when the hackers made a mistake. A team of VW experts then observed the activities for months before striking back on April 24, 2015. On a weekend, after the end of the working day in China, VW shut down large parts of its network and deleted the data on over 90 servers.

German companies are repeatedly the target of cyberattacks. Just recently, data from Thyssenkrupp's automotive division and customer data from KaDeWe were compromised. The attack on KaDeWe in November 2023 exposed details of thousands of customers and employees. The stolen data, including internal financial information, was later published on the darknet. The traces do not always lead to China; such attacks are often attributed to professional cybercriminals from Russia. This underlines the growing threat to data security.

In February, US and allied security agencies warned of the Chinese hacker group "Volt Typhoon", which has been infiltrating critical US infrastructure in the communications, energy, transportation and water sectors for years. This group exploits security vulnerabilities in network devices to gain permanent access and prepare potentially destructive actions. Particular emphasis is placed on the need to quickly close security gaps and harden systems to minimize the attack surface.

(vza)