Cyber Incident Victim: Init
Date: May 2022
Location: Germany
Summary
Hackers targeted three German IT service providers, including Init, compromising sensitive data such as personal information, project details, and email communications from federal and state authorities. The attackers, suspected to have state-sponsored ties, potentially exploited stolen data for highly targeted social engineering campaigns to infiltrate networks or extract confidential documents. Init confirmed the breach, notifying affected clients while investigations by law enforcement agencies continued. A separate DDoS attack disrupted services for several federal entities linked to the ITZ Bund, though no immediate threat to federal IT security was declared. Authorities initiated security measures to contain potential malware spread, while cybersecurity experts emphasized the sophistication of the intrusions and the risks posed to critical infrastructure.
Description
In early 2023, German authorities identified a series of cyberattacks targeting three IT service providers—Adesso, Materna, and Init—that supported federal and state government agencies. The Information Technology Centre of the Federal Government (ITZ Bund), which collaborates with these firms and serves approximately 200 federal and state authorities, issued an internal warning in late April 2023 detailing the breaches. Adesso, based in Dortmund, was the first confirmed victim, with external cybersecurity experts determining that attackers had infiltrated its networks as early as May 2022. The breach exposed extensive email communications containing personal data, phone numbers, office locations, project details, and attached documents. By March 2023, Materna—another Dortmund-based provider serving clients like the Federal Customs Administration and the Robert Koch Institute—disclosed it was also compromised, though it claimed no evidence of exfiltrated communications with federal agencies. Init, a Berlin-based company serving the Federal Interior Ministry and Federal Ministry for Economic Affairs, confirmed its involvement in a separate attack following inquiries in late April 2023, notifying affected clients while investigations remained ongoing under the Berlin State Criminal Police Office (LKA).

The ITZ Bund warned that stolen email data could facilitate highly targeted social engineering campaigns, with evidence suggesting such follow-on attacks might already be underway. It highlighted risks of employees inadvertently leaking confidential documents or enabling attackers to inject malicious code or data into federal systems. While the Federal Interior Ministry and Federal Office for Information Security (BSI) asserted no immediate threat to federal IT infrastructure, the Federal Finance Ministry—overseeing the ITZ Bund—acknowledged implementing containment measures after the January 2023 disclosures to prevent potential malware proliferation. A separate February 2023 DDoS attack targeting ITZ Bund clients, including the Federal Intelligence Service and multiple ministries, was classified internally as a "Major Incident," though its relation to the service provider breaches remained unconfirmed. Security experts and parliamentary officials criticized the government’s cybersecurity preparedness, with Konstantin von Notz of the Greens describing the attacks as sophisticated and likely aimed at extracting sensitive operational intelligence, while unnamed sources attributed the campaign’s coordination and methods to a state-sponsored actor.
