Germany has blamed “state-sponsored” Russian hackers for an “unacceptable” cyberattack on members of the Social Democratic Party (SPD), warning there would be consequences.
Foreign Minister Annalena Baerbock said on Friday that the federal government’s investigation into those responsible for the cyber attack on the SPD, a leading member of the governing coalition in 2023, had just been completed.
“Today we can say clearly [that] “We can attribute this cyberattack to a group called APT28, which is controlled by Russian military intelligence,” she said at a news conference in the Australian city of Adelaide.
“In other words, it was a state-sponsored Russian cyberattack on Germany, and that is absolutely intolerable and unacceptable and will have consequences.”
APT28, also known as Fancy Bear or Pawn Storm, has been blamed for dozens of cyberattacks worldwide.
The attack on Chancellor Olaf Scholz’s SPD was made public last year and attributed to a previously unknown vulnerability in Microsoft Outlook.
The Federal Ministry of the Interior said that German companies, including those in the defense, aerospace and information technology sectors, as well as targets related to Russia’s war in Ukraine were also the focus of the attacks.
German Interior Minister Nancy Faeser said the campaign was orchestrated by Russia’s GRU military intelligence service and began in 2022.
A spokesman for the Foreign Office said on Friday that the chargé d’affaires of the Russian embassy in Berlin had been summoned.
The cyber attack showed “that the Russian threat to security and peace in Europe is real and enormous,” said the spokesman.
Russia has rejected previous accusations by Western governments that it was behind cyberattacks. On Friday, the embassy in Germany said it had “categorically rejected as unfounded and baseless the allegations that Russian state structures were involved in the present incident.”
The Czech Republic’s Foreign Ministry said on Friday that the country’s institutions had also been targeted by APT28 by exploiting a vulnerability in Microsoft Outlook from 2023.
“Cyberattacks on political entities, state institutions and critical infrastructure not only pose a threat to national security, but also disrupt the democratic processes on which our free society is based,” the ministry said. No details were given about the targets.
The European Union condemned the Russian-controlled Advanced Persistent Threat Actor 28’s (APT28) malicious cyber campaign against Germany and the Czech Republic.
NATO said APT28 targeted “other national government entities and critical infrastructure operators” across the alliance, including in Lithuania, Poland, Slovakia and Sweden.
I condemn it in the strongest possible terms #Russia‘s malicious cyber activities against #NATO Allies, incl. #Germany & #Czech Republic. NATO remains committed to countering the significant, persistent and increasing cyber threat. Read the statement: https://t.co/fDkRqLDemz
— Jens Stoltenberg (@jensstoltenberg) May 3, 2024
“We are committed to deploying the necessary capabilities to deter, defend and combat the full spectrum of cyber threats and to support each other, including by exploring coordinated responses,” said the North Atlantic Council, the policy-making body within NATO.
“Concrete sign” of Russian origin
The EU’s computer security response unit, CERT-EU, noted last year a German media report that an SPD manager had been the target of a cyberattack in January 2023 that “may have resulted in data disclosure.”
It said there were allegedly “concrete signs” that it was of Russian origin.
Baerbock spoke after a meeting with Australian Foreign Minister Penny Wong, who said: “We have previously joined the United States, Britain, Canada and New Zealand in attributing malicious cyber activity to APT28.”
It is not the first time that Russian hackers have been accused of espionage in Germany.
In 2020, then-Chancellor Angela Merkel said Germany had found “clear evidence” that Russian hackers had targeted her.
One of the most high-profile incidents attributed to Russian hackers to date was a 2015 cyberattack that crippled the Bundestag’s computer network and put the entire institution offline for days while the flaw was fixed.