Chinese industrial spies may have stolen VW’s data on electric drive technology

Between 2010 and 2015, Volkswagen AG was the victim of massive cyber attacks allegedly carried out by Chinese government hackers, as “ZDF frontal” and “Spiegel” unanimously reported. Both media outlets have internal VW documents showing the extent of the data theft.

Advertisement

The attackers were able to penetrate deeply into the IT systems of VW, Audi and Bentley several times. A total of about 19,000 confidential files are said to have been stolen. According to ZDF Frontal, the attackers’ interests were mainly on information on driving technology such as gasoline engines, electric transmission and two-pole, but also on future fields such as electricity and fuel cells. An expert who knows the case statement to the mirrorthat the attackers were also interested in transmission control software and technical manuals for live shift programming.

VW confirmed the incident to the media, but insisted it happened ten years ago. Since then, IT security has expanded significantly. Cyber ​​spies had already started analyzing VW’s IT infrastructure in 2010 to penetrate through possible vulnerabilities. This was achieved just one year later. Between 2011 and 2014 there was repeated data streaming, as internal documents show according to ZDF Frontal and Spiegel.

The impact goes to China

The company did not want to comment on the alleged perpetrators. However, cyber security experts see clear evidence of an attack from China, reports say. IP addresses led to Beijing, close to Chinese military intelligence. The spyware used, such as “PlugX” and “China Chopper”, as well as the behavior of the hackers, who apparently had a normal day at work, also speak for Chinese government hackers. The Chinese embassy in Berlin dismissed the claims as “outrageous”.

VW discovered the attack on June 3, 2014, when hackers made a mistake. A team of VW experts then investigated the activity for several months before launching a counterattack on April 24, 2015. One weekend, during a shutdown in China, VW shut down large parts of its network and deleted data on more than 90 servers.

Companies with significant visible infrastructure

German companies are frequently the target of cyber attacks. Just recently, data from Thyssenkrupp’s automotive division and customer data from KaDeWe were compromised. The KaDeWe attack in November 2023 exposed the details of thousands of customers and employees. The stolen data, including internal financial information, was later published on the dark web. The attacks are not always directed at China, but are often linked to professional criminals from Russia.

US security agencies and their allies warned in February about the Chinese hacker group “Volt Typhoon”, which has been infiltrating critical US infrastructure in the areas of communications, energy, transport and water for years. This group exploits vulnerabilities in network devices to gain continuous access and prepare for potentially destructive actions. Particular emphasis is placed on the need to quickly close security gaps and strengthen systems to reduce the attack surface.

(dress)