Overview

• Berlin’s justice administration confirmed a focused intrusion on a single workstation in Felor Badenberg’s leadership area and said the device was immediately taken offline.
• Authorities notified the Landeskriminalamt, Berlin’s IT service center, the Cyber Defence Center and the CERT, and report no indications of further malicious traffic or impact on external systems.
• Stolen information includes person-related correspondence dating back to February 1, 2023, with reporting adding access to Badenberg’s digital calendar and private addresses.
• According to reporting based on security circles, the operation used spear‑phishing emails impersonating a senior Central Council of Jews representative, leading to malware installation after a link was clicked.
• Security sources suspect an Iran-linked group, possibly tied to the Revolutionary Guard, as politicians call for stronger protective powers and experts warn about rising espionage risks; investigations continue.