Following the cyberattack on the CDU, the investigations are being conducted by the North Rhine-Westphalia State Criminal Police Office (LKA) and the special public prosecutor’s office of the Central and Contact Point for Cybercrime (ZAC NRW). Both authorities confirmed this on Friday. According to a ZAC spokesperson, the reason is that there are “connections to NRW”. The CDU had announced the day before that the attacked service provider was based in North Rhine-Westphalia.

The LKA NRW had already published a press release on Thursday without mentioning the CDU by name. It warned of a vulnerability in products from the Israeli manufacturer Check Point that had been discovered two weeks ago. Although the manufacturer reacted quickly and published “an update and instructions for recognizing attacks that have already taken place via this vulnerability,” the LKA assumes “that vulnerable systems in North Rhine-Westphalia are still accessible and vulnerable from the Internet.”

The CDU was attacked via the vulnerability in Check Point. Data from a calendar belonging to party leader Friedrich Merz (CDU) was also leaked, it was announced on Thursday. No further details were given, citing ongoing investigations. According to ZAC, the public prosecutor’s office is conducting proceedings against unknown persons.

The cyber attack on the CDU became known at the beginning of the month. The Federal Office for the Protection of the Constitution and the Federal Office for Information Security then began investigations. As a precautionary measure, parts of the party’s IT infrastructure were taken offline and isolated. According to earlier information, the central membership file was also affected.

Shortly after the incident became known in early June, Merz said that it was the most serious attack on an IT structure that a political party in Germany had ever experienced. These were massive and highly professional attacks. “We must defend ourselves against this with everything at our disposal,” said the CDU leader.

The SPD was also the victim of a cyber attack last year. At that time, email accounts at the party headquarters were hacked. The federal government blames a unit of the Russian military intelligence service for this attack. At the beginning of May, the Foreign Office summoned a high-ranking Russian diplomat and recalled the German ambassador in Moscow, Alexander Graf Lambsdorff, to Berlin for a week for consultations.