Data theft at Rheinmetall: Is the Bundeswehr now in danger?

Data theft at Rheinmetall: Is the Bundeswehr now in danger?

On April 4, 2025, a significant hacker attack on the German defense company Rheinmetall was discovered. A hacker group suspected of being close to Russia announced that it had gained access to 750 gigabytes of the company's internal data. This group also published a download link to 1,400 documents containing potentially explosive information. According to Rheinmetall, most of these documents come from an older case and are formally classified as “non-sensitive,” although experts are nonetheless concerned about the dangerous information the data could contain, particularly regarding military technologies.

Overall, the data sets contain information about tanks such as the Puma, engines, proof of delivery and test certificates. Colonel A. D. Ralph Thiele warns that the leaked information provides clues about firing angles, ammunition and penetration capabilities that are important in the fight against tanks. Major General Jürgen Setzer emphasizes that the attacks on Rheinmetall could also endanger the Bundeswehr's military infrastructure.

Reactions from the authorities and the arms industry

The arms industry is increasingly the focus of cyber attacks, which Sinan Selen, President of the Federal Office for the Protection of the Constitution, does not leave unchallenged. He emphasizes the threat from foreign powers that specifically target the arms industry. Rheinmetall informed both the Federal Office for Information Security and the North Rhine-Westphalia data protection authority about the incident. Nevertheless, many supplier companies, including ESG GmbH, which belongs to Hensoldt AG, only found out about the data leak through research by Plusminus and br Data.

The fact that Rheinmetall was not legally obliged to inform suppliers about the data leak is criticized by security experts. Colonel A. D. Thiele pointed out that in today's world it is crucial to maintain control over logistics and supply chains to ensure military efficiency.

Dangers from the leaked data

IT security expert Benjamin Mejri warns of the dangers that could result from the leaked information. These documents could be used by intelligence services or criminal hackers to plan targeted attacks through phishing or even sabotage. Cyber ​​attackers could use AI-supported OSINT analysis to draw potentially dangerous conclusions.

The leaked documents not only contain technical specifications, but also information on material deliveries from over 100 suppliers. This expands cybercriminals' potential attack surfaces and calls into question the security of the entire industry. The incidents illustrate the vulnerability of security-relevant networks and the necessary inclusion of partner companies in security strategies.

Overall, the Rheinmetall case exemplifies how urgent the need is to improve security precautions in the defense industry and to involve partner companies more closely in their security strategies. These challenges are part of increasing hybrid warfare, in which cyberattacks play a key role.

For more information on this topic please visit Ingenieur.de and Tagesschau.de.