Germany has summoned a Russian envoy over a series of cyberattacks targeting the ruling Social Democrats and their defense and technology sectors.
The 2023 attack, which took several websites offline in apparent response to Berlin’s decision to send tanks to Ukraine, was attributed to a hacker group linked to Russia’s military intelligence services. It is said that
German authorities said the virus exploited a then-unknown vulnerability in the Microsoft Outlook email service to compromise the servers of affected companies.
“Today, we can say unequivocally that [that] “This cyberattack is believed to have been carried out by a group called APT28, which is directed by Russian military intelligence,” German Foreign Minister Annalena Verbock said at a press conference during a visit to Australia. “In other words, this is a state-sponsored Russian cyberattack against Germany, which is absolutely unacceptable and will have consequences.”
The Czech Republic said its institutions were also targeted. “The Czech Republic has long been a target of APT28. Such violations violate UN norms on the responsible conduct of states,” the Ministry of Foreign Affairs said in a statement.
APT28, also known as Fancy Bear or Pawn Storm, has been accused of dozens of cyber attacks around the world. The UK National Cyber Security Center explained about the unit They are described as “highly skilled attackers” who “used tools such as X-Tunnel, X-Agent, and CompuTrace to infiltrate target networks.”
Germany’s Interior Ministry said a series of cyberattacks by Russia’s military intelligence agency GRU also targeted the country’s logistics, defense, aerospace and IT sectors, and exploited a vulnerability in Microsoft Outlook to compromise email accounts. Announced.
“Russian cyberattacks are a threat to our democracy and we are resolutely fighting them,” Interior Minister Nancy Feser said, adding that Germany was acting in cooperation with the EU and NATO. “Under no circumstances should we be allowed to be intimidated by the Russian regime.”
He said it was especially important to counter such attacks from Russia ahead of the European elections in June. The EU on Friday condemned “irresponsible” cyberattacks on Germany and the Czech Republic, saying “state institutions, institutions and entities in member states, including Poland, Lithuania, Slovakia and Sweden, were previously targeted by the same attackers. There’s something going on,” he said. ”.
NATO condemned the “malicious” attack and said it was a reminder that “cyber attackers persistently seek to destabilize the alliance.”
Summoning ambassadors and senior officials is considered a powerful diplomatic tool. A German Foreign Ministry spokesperson said the incident showed that “Russia’s threat to security and peace in Europe is real and that the threat is enormous” and invited the chargé d’affaires to attend the meeting. said that it was done.
At the time of the 2023 attack, Germany was inching toward a decision to send Leopold II tanks to the front lines after Ukraine requested a fleet of 300 ships from Europe. Cert-EU, the EU’s computer security arm, drew attention last year to reports in German media that SPD executives were targeted in a cyberattack in January 2023, “which could result in a data breach.” Berlin also said Russian activist hackers had taken several German websites offline following the decision to send tanks to Ukraine, but had little visible effect.
Pro-Russian hacker group Killnet took credit for the attack at the time, with Kremlin spokesman Dmitry Peskov saying: [Killnet] teeth. We honestly wonder why the hacker group is associated with Russia and not with other European countries. ”
European leaders have officially labeled the cyberattack as part of Russia’s “hybrid” war against Ukraine and the EU. Disinformation across social media, doppelgangers or fake news websites that look almost identical to legitimate media is part of the Kremlin’s arsenal, with more than 17,000 disinformation units identified by the EU since the start of the war. ing.
The pro-Russian doppelganger site network was discovered in 2022 and is still active. In April, a fake Der Spiegel website claimed that German Finance Minister Christian Lindner was “robbing” pensioners.
Earlier this year, the EU’s chief diplomat Josep Borrell said Russia was using disinformation to undermine trust in mainstream political parties, sow distrust in democracy and generate hatred against minorities. He said this new kind of war “does not include bombs that kill you,” but it does include words and ideas that “colonize you.”
The World Economic Forum has ranked disinformation and cyber-attacks, so-called foreign information manipulation and interference, as the “second-biggest risk the world will face this year,” while NATO has ranked it on par with physical weapons. He said he treats it as important.
Burbock’s comments come two days after Russian media published an audio recording of a meeting of German military officials, alleging that one of the participants dialed in via an “unauthorized connection”, leading to a data leak. It was announced a month later. Germany said it would work with EU countries on possible sanctions against additional individuals collaborating with APT28, which was already sanctioned after the 2015 attack on the Bundestag.
