Cyber Incident Victim: Statistisches Bundesamt
Date: Jan 2024
Location: Germany
Summary
Cybercriminals allegedly exfiltrated 3.8 GB of corporate data from the federal statistical office's systems, potentially accessing databases via compromised credentials linked to its IDEV data collection platform. The stolen information reportedly includes contact details, addresses, tax identification numbers, names, phone numbers, email addresses, and documents, though the presence of sensitive data remains unverified. The organization has taken the affected system offline pending investigation into the claims. The attackers have advertised the data for sale in underground forums. Unauthorized access through phishing or credential-based attacks has been suggested but not officially confirmed.
Description
Cybercriminals reportedly exfiltrated 3.8 gigabytes of corporate data from Germany’s Federal Statistical Office (Destatis), with the stolen information appearing for sale on underground forums as of early January 2024. The attackers claimed the dataset included contact details, company addresses, departments, VAT numbers, regional classifications, job titles, employee names, telephone and fax numbers, email addresses, and unspecified documents, though the presence of highly sensitive or confidential information remained unverified. Initial evidence suggested the breach targeted Destatis’s Internet Data Collection in the Statistical Network (IDEV) system, a platform used for federal and state statistical surveys. A criminal group on Telegram boasted of compromising an IDEV account, displaying credentials with an apparently weak password, though the method of obtaining these credentials—whether through phishing, password spraying, or other means—was not confirmed. Destatis proactively took the IDEV system offline for maintenance following the allegations, rendering it inaccessible, though alternative access remained available through a joint survey portal used by federal and state statistical offices.

Destatis declined to provide verbal confirmation or details about the incident during initial press inquiries but later stated in writing that it was investigating the allegations of a potential data leak while withholding further information. The agency’s public response emphasized precautionary measures but did not acknowledge the breach’s validity, scope, or operational impact beyond the IDEV takedown. The incident’s origins remained unclear, including whether the attackers used legitimate credentials, exploited vulnerabilities, or fabricated their claims entirely. Data breaches affecting major federal agencies like Destatis are relatively uncommon in Germany, with smaller government entities more frequently targeted, such as a May 2023 ransomware attack against Hesse’s police academy involving potential data exfiltration. The stolen Destatis data’s underground listing implied financial motives, though no ransom demands or disruptive attacks were explicitly mentioned in available reports.
