Decade-long hack: How Chinese cyber spies infiltrated Volkswagen

For years, hackers have been stealing data from the Volkswagen Group. The German conglomerate was most likely spied on by hackers from China. Cybercriminals were stealing the automotive company's data to acquire German know-how - Der Spiegel and ZDF television journalists have determined.

In 2014, Volkswagen CEO Martin Winterkorn was enthusiastic about cooperation with China and spoke of it in the highest terms. At the Beijing auto show, he talked about "partnership, trust, and understanding."

As Der Spiegel and ZDF television reported, their joint investigation indicates that between 2010 and 2014, these "trusted partners" from China were slowly pilfering data from the German automotive conglomerate. After review, journalists accessed over 40 documents, which provided insights into a massive cyberattack on the Volkswagen Group servers that lasted for years.

"(...) the attackers made off with as many as 19,000 files. The group listed 'gasoline engine development,' 'gearbox development,' and 'dual-clutch transmission' as 'identified targets.' " – Der Spiegel reports, attempting to describe the scale of the attack.

It is known that hackers penetrated Volkswagen's servers at their Mexican headquarters in Puebla. From there, they gained access to servers at the main headquarters in Wolfsburg. From 2010 to 2014, they remained undetected until a typo exposed them. One error utilized too many network resources. That's when the IT staff realised something was amiss.

Also read: China - Iran - Russia. The axis of evil in the 21st century? An ambassador talks about a "partnership of reason"

As a result, Volkswagen disconnected nearly all computers from the internet over a single weekend. IT staff inspected and reinstalled 90% of the software across the company.

(...) others (experts - ed.) describe the cyberattack as the largest of its kind at that time worldwide. From the documents, it appears that the company involved in this matter, Microsoft, stated at the time that so many (IT systems - ed.) systems have never needed to be reinstalled at once - the journalists from Der Spiegel report to emphasize the scale of the cyberattack.

But why was there a suspicion that it was specifically Chinese hackers targeting the German automotive giant? All clues gathered in the documentation, which the journalists accessed, lead to this conclusion.

The hackers' IP address "could be traced back to Beijing" – says a person familiar with the process. (...) The spyware used in hacking VW, as well as the methodology of the attackers, bore their signature. They used programs such as PlugX or China Chopper, which were almost exclusively employed by hackers from the PRC - an expert quoted by Der Spiegel said anonymously.