Germany’s CDU still struggling to restore data months after June cyberattack
Putting a spanner in work for plans of opposition party to launch a comeback during next year's elections
One of Germany's major political parties is still struggling to restore member data more than three months after a June cyberattack targeting its systems.
The center-right Christian Democratic Union (CDU) is concerned the issue may even affect selecting representatives for next year's federal election.
Friedrich Merz, Angela Merkel's successor as federal chairman of Germany's center right CDU party – Pic: Penofoto/Shutterstock
According to a resolution by the CDU state executive committee in Berlin: "Due to the hacker attack on the CDU's data it is not possible to fully restore the member data to date, so that a legally secure invitation to the nominations is currently not possible," Der Spiegel reports.
The CDU is currently the main opposition in Germany's Bundestag after losing the 2021 election, with its coalition with the CSU (Christian Social Union) garnering just 24.1 percent of the vote. Prior to that, it was the ruling party in German politics from 2005 with Angela Merkel at its helm, and has been the dominant party since the end of World War II. Its current leader is Friedrich Merz. The traffic light coalition (red for the SPD or Social Democratic Party; yellow for the Free Democratic Party or FDP; and green for the Greens) won the vote with 25.7 percent, 11.5 percent, and 14.8 percent respectively and 53 percent collectively.
But the CDU is currently among the favorites to retake power, being seen as a middle way while support for traffic light coalition leader, the SPD, wanes, and that for the far-right Alternative for Germany (AfD), swells. Earlier this month, the AfD made unprecented gains in Germany's regional elections.
The CDU originally aimed to have its data restored by mid-September, but this deadline has now been pushed back to November.
The incident hit Merz's party over the summer, forcing it to pull systems offline, and was described at the time as "serious" by Germany's interior ministry.
"There was a serious cyber attack on the CDU network," the BMI Xeeted. "Our security at the BSI and the Federal Office for the Protection of the Constitution are working intensively to ward off the attack, investigate it, and prevent further damage.
"The BfV will issue a warning to all parties in the German Bundestag about the current attack. Our security authorities have ramped up all protective measures against digital and hybrid threats and are informing people about the dangers."
Details of the attack were kept quiet – details such as the nature of the attack and what data may have been accessed, if any, haven't been revealed.
The CDU's incident came just two months before Germany fingered China for a 2021 attack on the government department of mapping, echoing the oft-repeated warning of the threat China poses to Western forces in cyberspace.
- Germany names China as source of attack on government geospatial agency
- German budget woes threaten chip fab funding for Intel and TSMC
- German Digital Affairs Committee hearing heaps scorn on Chat Control
- European carriers push for more OpenRAN support... but it might not end in a win
That threat has been loudly reaffirmed by representatives from the US' and UK's political and technological circles this year. The UK's NCSC has repeatedly labeled China as an "epoch-defining challenge," while spy agency GCHQ spends the majority of its resources on dealing with Beijing.
APT31 has especially attracted the attention of the US and UK, with the former charging seven members of the Beijing-linked cyberespionage outfit in March for various attacks against US targets. ®