- Minister Faeser highlights the attacks’ aim to undermine democratic confidence beyond targeting specific entities.
- Germany and its allies vow to combat and deter Russian cyber aggression with a full range of measures.
- The Czech Republic reports entities affected by the Russian campaign amid concerns over elections and the Ukraine conflict. Britain accuses Russia of undermining democratic processes without specifics.
Germany accused Russia of cyber attacks on its defence and aerospace firms, the ruling party, and other targets in other countries, warning of unspecified consequences. Russia’s embassy in Berlin dismissed the accusations, which were echoed by the Czech Republic, the NATO defence alliance, and the US State Department. NATO claimed the campaign targeted government bodies, critical infrastructure operators, and other entities in Lithuania, Poland, Slovakia, and Sweden.
The German government’s response
Diplomatic Protest Germany summons Russia’s envoy to protest against a campaign reportedly launched by a group linked to Moscow’s GRU military intelligence agency two years ago. The attacks targeted Germany’s governing Social Democrats (SPD) and companies in logistics, defence, aerospace, and information technology sectors, as stated by the Interior Ministry.
German interior minister Nancy Faeser underscores the broader aim of the attacks: to shake confidence in democracy beyond targeting specific parties or politicians. A spokesperson for Germany’s Foreign Ministry asserts that Germany and its partners will not tolerate the attacks and are prepared to employ a full range of measures to counter Russia’s aggressive behaviour in cyberspace.
Also read: China accused by UK and US of multiple ‘malicious’ cyber attacks
Cyber campaign’s impact beyond Germany
The Czech Republic reports that unnamed entities within its borders have been affected by the Russian campaign since 2023, amid concerns related to upcoming European and national elections and the ongoing conflict in Ukraine. Russia of undermining democratic processes without providing further details on the specific allegations.
Technical details and international collaboration
The Interior Ministry in Berlin reveals that a group known as “Fancy Bear,” or APT28, operating under the GRU, exploited a previously unknown vulnerability in Microsoft Outlook over an extended period to compromise email accounts.
Also read: MGM Resorts Hit by Cyber Attack, Caesars Also Targeted
An international operation led by the US Federal Bureau of Investigation (FBI) in January successfully prevented the misuse of compromised devices for cyber-espionage activities on a global scale. A German Microsoft spokesperson directs attention to a blog post indicating that a Russian actor has been using a tool called “Goose Egg” since April 2019 to steal credentials.
Historical context and allegations of cyber attacks
Hacking experts note that APT28, primarily involved in cyber espionage, has been active worldwide since at least 2004. Threat Germany’s domestic intelligence agency identifies APT28 as one of the most active and dangerous cyber actors globally.
US intelligence agencies have previously warned about the formidable cyber capabilities of GRU-controlled actors, attributing Fancy Bear to hacking incidents such as breaching the email accounts of Hillary Clinton’s staff before the 2016 election and the theft of medical information about US Olympic athletes in 2016.
