Germany accuses Russia of ‘intolerable’ cyberattack, warns of consequences

Foreign Minister Baerbock says group of hackers called APT28 is steered by Russia’s military intelligence service.

Australian Minister for Foreign Affairs Penny Wong speaks with German Minister for Foreign Affairs Annalena Baerbock during a visit to Government House in Adelaide, Australia, May 3, 2024. Michael Errey/Pool via REUTERS
Australian Foreign Minister Penny Wong, right, and her German counterpart, Annalena Baerbock, condemn cyberattacks by APT28 at a news conference in Adelaide, Australia, on May 3, 2024 [Michael Errey/Reuters]

Germany has blamed “state-sponsored” Russian hackers for an “intolerable” cyberattack on members of the Social Democratic Party (SPD) and warned there would be consequences.

On Friday, Foreign Minister Annalena Baerbock said a German federal government investigation into who was behind the 2023 cyberattack on the SPD, a leading member of the governing coalition, had just concluded.

“Today we can say unambiguously [that] we can attribute this cyberattack to a group called APT28, which is steered by the military intelligence service of Russia,” she said at a news conference in the Australian city of Adelaide.

“In other words, it was a state-sponsored Russian cyberattack on Germany, and this is absolutely intolerable and unacceptable and will have consequences.”

APT28, also known as Fancy Bear, has been accused of dozens of cyberattacks around the world.

The attack on German Chancellor Olaf Scholz’s SPD was made public last year and blamed on a previously unknown vulnerability in Microsoft Outlook.

Germany’s Federal Ministry of the Interior said German companies, including in the defence, aerospace and information technology sectors, as well as targets related to Russia’s war in Ukraine were also a focus of the attacks.

The hacking campaign began at least as early as March 2022, a month after Russia launched its invasion of Ukraine, with emails at the SPD’s headquarters accessed from December that year, the ministry said in a statement.

German Interior Minister Nancy Faeser said the campaign was orchestrated by Russia’s military intelligence service GRU.

A German Federal Foreign Office spokesperson said on Friday that the acting charge d’affaires of the Russian embassy in Berlin has been summoned.

The cyberattack showed “that the Russian threat to security and peace in Europe is real and enormous”, the spokesperson said.

Russia has denied past allegations by Western governments of being behind cyberattacks.

On Friday, its embassy in Germany said it “categorically rejected the accusations that Russian state structures were involved in the given incident … as unsubstantiated and groundless”.

The Czech Republic’s Ministry of Foreign Affairs said on Friday that the country’s institutions had also been targeted by APT28 by exploiting a vulnerability in Microsoft Outlook from 2023.

“Cyberattacks targeting political entities, state institutions and critical infrastructure are not only a threat to national security but also disrupt the democratic processes on which our free society is based,” the ministry said. It didn’t provide details about the targets.

The European Union condemned the “malicious cyber campaign conducted by the Russia-controlled Advanced Persistent Threat Actor 28 (APT28) against Germany and Czechia”.

NATO said APT28 targeted “other national governmental entities, critical infrastructure operators” across the alliance, including in Lithuania, Poland, Slovakia and Sweden.

“We are determined to employ the necessary capabilities in order to deter, defend against and counter the full spectrum of cyberthreats to support each other, including by considering coordinated responses,” said the North Atlantic Council, the political decision-making body within NATO.

The United States and the United Kingdom also condemned the attack.

“We join NATO and the EU in efforts to counter such activities and hold perpetrators accountable,” said US Department of State spokesperson Matthew Miller.

‘Concrete signs’ of Russian origin

The EU’s computer security response unit, CERT-EU, last year noted a German media report that an SPD executive had been targeted in a cyberattack in January 2023, “resulting in possible data exposure”.

It said there were reportedly “concrete signs” it was of Russian origin.

Baerbock spoke after a meeting with Australian Foreign Minister Penny Wong, who said: “We have previously joined the United States, UK, Canada and New Zealand in attributing malicious cyberactivity to APT28.”

It is not the first time that Russian hackers have been accused of spying on Germany.

In 2020, then-Chancellor Angela Merkel said Germany found “hard evidence” that Russian hackers had targeted her.

One of the most high-profile incidents so far blamed on Russian hackers was a cyberattack in 2015 that paralysed the computer network of Germany’s lower house of parliament, the Bundestag, forcing the entire institution offline for days while it was fixed.

Source: Al Jazeera and news agencies

Advertisement