German Aerospace Center hit by serious malware-based attack

Pierluigi Paganini April 16, 2014

The German Aerospace Center was victim of a cyberespionage attack, many computers have been infected by sophisticated Trojans and other spyware.

Cyber espionage is considerable today one of the most alarming cyber threats for governments and private industries, a growing number of attacks has the primary purpose to steal sensitive information like secret documents and intellectual property.

Recently the US Government has raised the alert level of the cyber threat in consideration of the numerous attacks observed during the last twelve months.

The news of the day is related to a new significant malware-based attack against the German Aerospace Centre (DLR – Deutsches Zentrum für Luft- und Raumfahrt e. V.).

German Aerospace Center 2

The disturbing news was reported by German Agency Der Spiegel during the weekend, the German Aerospace Centre was hit by an attack conducted by foreign state-sponsored hackers.

The German Aerospace Centre is located in Cologne and in its building are conducted research activities for the development of technologies for defense, communications, air safety or the environment:

The media agency reported the cyber attack as a “coordinated and systematic” offensive probably conducted by a foreign intelligence agency. 

Several computers within the  German Aerospace Centre have been infected by Trojans and other spyware used to gather sensitive information.

“As was now known, the DLR fights for months against the alleged assault of a foreign intelligence service: According to research by SPIEGEL DLR turned on the National Cyber ​​Defence Centre in Bonn, after several computers of researchers and system administrators with espionage had been infiltrated programs.” reported Der Spiegel.

The operation appears as a long term cyber espionage program and as usually happen in these cases the first suspect is China, the most persistent collector of information. The first results produced by the investigation refer of Chinese characters present in the source code of the malware used.

“IT forensic experts of the Federal Office for Security in Information Technology (BSI) discovered in the code of some Trojan Chinese characters and recurring typos that suggest attacker from the Far East.”

“But it could also be a simple camouflage,” says an insider, an attack from the West, such as the U.S. Secret NSA may not be completely ruled out. The federal government classifies the case as extremely serious because it aims, among other things, armor and missile technology”. reports the newspaper. 

The attack on German Aerospace Center (DLR) appears very sophisticated, the forensic investigators who have analyzed the infected systems were not able to detect the malware used in the attacks, the Trojans which compromised the targets were designed to self-destruct as soon as they discovered.The report refers that the malicious agents were able to remain hidden for a long time infecting all operating systems used at the German Aerospace Center

The investigation is still ongoing, the German authorities consider the cyber attack an alarming event, the demonstration that foreign Intelligence agencies are very interested to gather sensitive information and secret projects based on advanced researches.

Pierluigi Paganini

(Security Affairs –  German Aerospace Center, cyber espionage)

you might also like

leave a comment