German security office warned German firms about Chinese hacking

Germany’s Office for Information Security (BSI) has issued warnings to several German firms named by the United States as possible victims of hacking attacks, a newspaper reported, adding that Chinese activity against German firms had increased.

Cyber experts have long warned that Germany – with its high level of technology expertise – is a particularly attractive target for cyber attackers of all kinds, including state actors.

“Construction and materials research, engineering firms and some big commercial enterprises are the focus for hackers,” the Sueddeutsche Zeitung wrote on Wednesday without naming its sources.

The United States is embroiled in a trade conflict with China and a senior U.S. intelligence official said last week that Chinese cyber activity in the United States had risen in recent months, targeting critical infrastructure.

U.S. prosecutors are expected to charge that Chinese hackers were involved in a cyber espionage operation known as “Cloudhopper” targeting technology service providers and their customers, according to people familiar with the matter.

Cloudhopper focuses on hacking large, third-party, data storage companies, and cloud software service companies that store data for U.S. companies and government agencies.

The Sueddeutsche said Cloudhopper attacks were still relatively rare in Germany compared to attacks believed to originate in Russia. While there are not yet weekly victims, the attackers act in a more targeted manner and the damage could therefore be greater, the newspaper said.

In September, Germany’s then domestic spy chief said a growing number of countries can hack into private computer networks and install malicious software to sabotage another country’s infrastructure.

He said China, Russia and other countries continued to try to break into German companies’ computers to steal industrial information.

In a push to fend off unwanted takeovers by Chinese investors, Germany’s cabinet is expected on Wednesday to lower the threshold to launch security probes of stake purchases by non-European entities to protect critical infrastructure.