Hacked data from Germany’s dena has been published on the darknet

The German Energy Agency (dena) has announced that hacker group Lockbit has published stolen data from the company on the darknet.

The hack, performed by recently shut down hacker group Blackcat, occured on November 13, 2023, and saw the Agency fall victim to a ransomware attack. Central servers were compromised and partially encrypted.

During the attack, the hackers were able to copy dena files and publish them on the darknet. After this incident became known, dena immediately started an examination of the illegally published data; a test which is ongoing.

Results of the investigation have already revealed that the attack may have affected personal data such as:

• Contact and communication data
• Bank details
• Information about organisational affiliation and function/position in the organisation
• Customer history information
• Personnel data, such as:
  • Date of birth
  • Personnel number
  • Date of entry and exit
  • Working time model
  • Date of birth and information on income tax classification such as tax ID, tax class, denomination, child allowance (as of 2013/2014)
  • Information on remuneration and promotion
  • Information on participation in training, etc.
  • Further training offers from dena as well as documents from the application process and employee discussions

Have you read:
Ransomware attack hits Schneider Electric sustainability division
Sandworm unveiled as October 2022 Ukraine infrastructure hackers

The attack

After an examination of the stolen data sets, dena informed those affected by the publication as to which of their data could be affected.

The Agency has stated in a release that they are in close contact with the Federal Ministry for Economic Affairs and Climate Protection (BMWK) and other government agencies, calling in service providers to analyse the incident and set up protective mechanisms.

According to the Agency, at the time of the incident in November, to avert danger all dena servers were immediately shut down. The public was informed about the attack the following day.

Hacker group BlackCat claimed responsibility for the attack, following their pattern of threatening to publish data if ransom demands were not met.

Three weeks after the incident, the group listed dena as a blackmailed company on its website and announced that it would publish data. A short time later, BlackCat’s websites were no longer accessible.

An international investigative group led by US authorities shut down the hacker group at the beginning of December, 2023.

However, hacker group Lockbit then emerged shortly afterwards and announced that it was in possession of the stolen dena data and would publish it.

The ultimatum given initially went without further action.

Founded in 2000, dena has to date launched approximately 1,500 projects worldwide for the energy transition, has 96 projects currently in implementation, employs 550 staff members and assists public and private sector clients with energy transition services.

As a think tank, the Agency studies the challenges of building a climate-neutral society and supports the German government in achieving its energy and climate policy objectives.