World
Germany and allies accuse Russia of sweeping cyberattacks | News24
A German Leopard 2A6 tank captured by Russian forces in Ukraine on display in Moscow on 1 May 2024. (Alexander NEMENOV / AFP)
- Russia has digitally attacked various German companies and its ruling party, the German government charged on Friday.
- It will face the consequences, Germany warned, without specifying what those may be.
- Russia says it is innocent.
Germany accused Russia on Friday of launching cyberattacks on its defence and aerospace firms and ruling party, as well as targets in other countries, and warned there would be unspecified consequences.
Russia’s embassy in Berlin dismissed the accusations – that were echoed by the Czech Republic, the NATO defence alliance and the US State Department – calling them “another unfriendly step aimed at inciting anti-Russian sentiments in Germany”.
NATO said the campaign had also targeted government bodies, “critical infrastructure operators” and other entities in Lithuania, Poland, Slovakia and Sweden.
The accusations come at a time of heightened anxiety in Europe over suspected Russian hackers and spies since Moscow’s invasion of Ukraine in 2022, and in the run-up to European elections.
Germany’s government said it had summoned Russia’s envoy to protest over what it said was a campaign launched two years ago by a group linked to Moscow’s GRU military intelligence agency.
The attacks targeted Germany’s governing Social Democrats as well as companies in the logistics, defence, aerospace and IT sectors, the interior ministry said in a statement.
Servers of companies in critical sectors had been compromised, a ministry spokesman added, without naming the companies or going into further details on the damage.
“These attacks are not just aimed at individual parties or specific politicians, but at shaking confidence in our democracy,” German Interior Minister Nancy Faeser said.
Germany and its partners would not tolerate the attacks and “will use the entire spectrum of measures to prevent, deter and respond to Russia’s aggressive behaviour in cyberspace,” a spokesperson from Germany’s foreign ministry said.
Fancy Bear and Goose Egg
The Czech Republic said a number of its entities, that it did not name, had been hit by the Russian campaign since last year.
“In the context of the upcoming European elections, national elections in a number of European countries and the ongoing Russian aggression against Ukraine, these acts are particularly serious and reprehensible,” the Czech foreign ministry said.
In a separate statement, Britain accused Russia of undermining democratic processes, without going into further detail.
Germany’s SPD had previously said the email accounts of senior members had been targeted but that it was not clear whether data had been stolen.
The interior ministry in Berlin said a group called “Fancy Bear” or APT28, which reports to the GRU, exploited a then-unknown vulnerability in Microsoft Outlook over a longer period of time in order to compromise email accounts.
An international operation led by the FBI in January had prevented devices compromised in the attacks from being misused for cyberespionage operations worldwide, Berlin said.
A German spokesperson for Microsoft referred Reuters to a blog post stating that a Russian-based actor had been using a tool referred to as GooseEgg since as early as April 2019 to steal credentials.
APT28 has been active worldwide since at least 2004, primarily in the field of cyberespionage, hacking experts say.
According to Germany’s domestic intelligence agency, it is one of the most active and dangerous cyber actors worldwide.
US intelligence agencies have in the past warned about the potent cyber capabilities of actors controlled by GRU. They have blamed Fancy Bear for hacking the email accounts of Hillary Clinton’s staff before the 2016 election.
In 2016, the World Anti-Doping Agency accused Russian hackers of stealing confidential medical information about US Olympic athletes and publishing it online. The FBI later seized the domain of the site – www.fancybear.net – where the information was released.