Source: European Parliament
Question for written answer E-002101/2025
to the Commission
Rule 144
Bart Groothuis (Renew)
According to a blog post[1] by the cybersecurity company Eclectic IQ, a Chinese hacker group, UNC5221, is responsible for a hack of Germany’s largest telecommunications company, Deutsche Telekom, as well as its subsidiaries that provide IT services. The blog also reveals that this hacker group has targeted other strategic sectors in Europe.
According to other sources, a subsidiary of Deutsche Telekom, T-Systems, also provides services to the Commission. T-Systems has even been designated as a ‘preferred supplier’ of the Commission for the provision of IT infrastructure. This raises serious questions about the security of the EU’s IT infrastructure.
- 1.Is the Commission aware of this hack, has the Commission itself been affected, and what measures does the Commission take to manage such risks?
- 2.Why are strategically sensitive hacks such as these not publicly disclosed, and does the Commission agree that silence about such breaches actually facilitates their continuation within Europe?
- 3.What steps is the Commission taking towards the Chinese authorities in response to these attacks, and what additional measures is the Commission considering to prevent such attacks in the future?
Submitted: 26.5.2025
- [1] Büyükkaya, A., ‘China-Nexus Threat Actor Actively Exploiting Ivanti Endpoint Manager Mobile (CVE-2025-4428) Vulnerability’, EclecticIQ, 21 May 2025, https://blog.eclecticiq.com/china-nexus-threat-actor-actively-exploiting-ivanti-endpoint-manager-mobile-cve-2025-4428-vulnerability.