New BSI Report Reveals Intensified Cyber Espionage Against German Public Sector

The latest assessment from Germany's Federal Office for Information Security (BSI) indicates a significant rise in cyber espionage activities targeting the country's public administration. The agency's annual report, covering incidents from July 2024 to June 2025, highlights an increased focus from both politically motivated hacking groups and criminal organizations on governmental institutions, defense, legal sectors, and public safety bodies.

The BSI notes that Germany ranks as the fourth most targeted nation globally by so-called Advanced Persistent Threat (APT) groups. These sophisticated hacker collectives conduct sustained, targeted attacks on organizations and states, often seeking sensitive data or aiming to destabilize administrative structures. Despite recent successes in dismantling prominent ransomware networks like LockBit and Alphv through coordinated international law enforcement actions, the BSI warns that the overall cyber threat landscape remains severe, particularly for small and medium-sized organizations and political entities with insufficient cybersecurity measures.

One of the most prominent trends observed is the growing use of phishing attacks, especially those exploiting trusted brands to deceive individuals. The first half of 2025 saw a notable increase in phishing websites impersonating major online retailers, tricking users into revealing confidential information. In urban environments, attackers have deployed manipulated QR codes--commonly referred to as 'quishing'--affixed to parking meters. Unsuspecting motorists attempting to pay via these QR codes are redirected to fraudulent sites designed to capture payment credentials.

The report also points to a rise in telephone-based phishing, or 'vishing,' where cybercriminals impersonate IT support staff to extract sensitive access data from employees of both private firms and public agencies. This technique enables unauthorized access to otherwise secure IT networks, posing a significant risk to both operational continuity and data integrity.

Hardware vulnerabilities continue to be a concern, with the BSI highlighting recent research on a specific security flaw in access control chip cards produced by a Chinese manufacturer. These cards, widely deployed in corporate, governmental, and hospitality sectors, were found to be susceptible to cloning via a universal key, potentially compromising physical and digital security infrastructures.

Software-related risks are also addressed, particularly in light of the discontinuation of standard support for Microsoft Windows 10. While some federal departments have transitioned to newer systems, others remain in the process of upgrading. The BSI advises that institutions still reliant on unsupported operating systems face heightened exposure to emerging threats unless they invest in extended security solutions.

Virtual Private Network (VPN) software vulnerabilities have emerged as another area of concern. The BSI reports that a number of organizations operating in the 'pre-political' sphere experienced security breaches due to unpatched VPN weaknesses. Delays in applying necessary fixes can lead to significant data exposure and operational disruption.

According to the BSI, nearly half of the 10,500 consumer inquiries received over the past year related directly to cyber incidents, predominantly phishing, account misuse, and identity theft. While the number of reported cybersecurity incidents in critical infrastructure sectors--such as water utilities, telecommunications, and transportation--has risen, the agency cautions that this does not automatically signal a broader increase in overall risk, as improved detection and reporting may account for the uptick.

The German digital industry association, Bitkom, estimates that cyberattacks have resulted in economic damages amounting to 202 billion euros over the past year. The association underscores the necessity for businesses to enhance their technical defenses and reduce vulnerabilities, while urging policymakers to ensure that public sector protection standards keep pace with those of the private sector.