Germany has summoned Russia’s top envoy over a series of cyber attacks targeting members of the ruling Social Democrats and its defense and technology sector.
The 2023 attacks, in which several websites were knocked offline in an apparent response to Berlin’s decision to send tanks to Ukraine, were blamed on a group of hackers linked to Russian military intelligence.
It took advantage of a then-unknown vulnerability in the Microsoft Outlook email service and, according to German officials, compromised the servers of the affected companies.
“We can say unequivocally today [that] we can attribute this cyber attack to a group called APT28, which is directed by the Russian military intelligence service,” German Foreign Minister Annalena Baerbock said at a news conference during a visit to Australia. “In other words, it was a state-sponsored Russian cyber attack on Germany, and this is completely unacceptable and will have consequences.”
The Czech Republic said its institutions were also targeted. “The APT28 has been targeting the Czech Republic for a long time. Such violations are in violation of the norms of the United Nations regarding the responsible behavior of states,” said a statement from the foreign ministry.
APT28, also known as Fancy Bear or Pawn Storm, has been accused of many cyber attacks in countries around the world. The UK’s National Cyber Security Center has described the unit as a “highly skilled threat actor” who “used tools including X-Tunnel, X-Agent and CompuTrace to penetrate target networks”.
Germany’s interior ministry said a series of cyber attacks attributable to Russia’s GRU military intelligence service had also targeted the country’s logistics, defence, aerospace and IT sectors, exploiting the vulnerability in Microsoft Outlook to compromise email accounts .
“Russian cyber-attacks are a threat to our democracy, which we are firmly resisting,” said interior minister Nancy Faeser, adding that Germany was acting alongside the EU and NATO. “We will not allow ourselves to be intimidated by the Russian regime.”
She said it was vital to tackle such attacks from Russia before the European elections in June. The European Union condemned the “irresponsible” cyber attacks on Germany and the Czech Republic on Friday, revealing that “the same threat actor targeted state institutions, agencies and entities in Member States, including in Poland, in Lithuania, Slovakia and Sweden. “.
NATO condemned the “malicious” attacks and said they were a reminder that “cyber threat actors are constantly seeking to destabilize the alliance”.
Summoning an ambassador or high-ranking official is considered a powerful diplomatic tool. A spokesman for the German foreign ministry said the acting chargé d’affaires had been invited to attend a meeting because the incident shows that “Russia’s threat to security and peace in Europe is real and enormous”
Germany at the time of the attack in 2023 was approaching the decision to send Leopold 2 battle tanks to the front line after Ukraine appealed for a fleet of 300 from Europe. The EU’s computer security response unit, Cert-EU, noted last year a German media report that an SPD executive had been targeted in a January 2023 cyber attack “resulting in possible data disclosure”. Berlin also said that Russian activist hackers knocked several German websites offline in response to its decision to send tanks to Ukraine, although they had little tangible effect.
The pro-Russian hacking group Killnet took credit for the attack at the time, with Kremlin spokesman Dmitry Peskov saying: “We don’t know what [Killnet] yes. I honestly wonder why any hacker group is associated with Russia and not some other European country.”
European leaders officially consider cyber attacks part of Russia’s “hybrid” war against Ukraine and the EU. Disinformation across social media and doppelganger or fake news websites that look almost exactly like legitimate media are part of the arsenal being deployed by the Kremlin, and the EU has identified more than 17,000 disinformation units since the beginning of the war.
A network of pro-Russian doppelganger sites was exposed in 2022 and is still active. In April, the fake Der Spiegel website claimed that Germany’s finance minister, Christian Lindner, was “robbing” pensioners.
The EU’s top diplomat, Josep Borrell, said earlier this year that Russia was using disinformation to undermine the credibility of mainstream parties, sowing the seeds of distrust in democracy and creating hatred against minorities. He said that this new type of warfare is not about “bombs that kill you” but words and ideas that “colonize you”.
The World Economic Forum ranked disinformation and cyber-attacks – the so-called manipulation and interference of foreign intelligence – as “the second biggest risk the world will face this year”, and NATO said it was tackling as important as physical weapons. .
Baerbock’s comments come two months after Russian media published an audio recording of a meeting of senior German military officials, after one participant dialed in via an “unauthorized connection” that led to the leak. Germany has said it will work with EU countries on possible sanctions against any new people working with APT28, which was previously sanctioned after an attack on the Bundestag in 2015.