Germany has disclosed evidence linking the Russian state-sponsored hacker group APT28 to a significant cyber-attack that occurred last year. The attack targeted several websites, causing disruptions and drawing international attention.
The attack specifically targeted the Social Democratic Party (SPD), a central pillar in Germany’s governing coalition and the party of Chancellor Olaf Scholz.
German authorities attributed the attack to the Russian-backed hacker group, APT28, also known as Fancy Bear and Pawn Storm. The group is famous for conducting cyber assaults on various governments across Europe.
“Today we can say unambiguously [that] we can attribute this cyber-attack to a group called APT28, which is steered by the military intelligence service of Russia,” said German foreign minister Annalena Baerbock, as reported by The Guardian. “In other words, it was a state-sponsored Russian cyber-attack on Germany, and this is absolutely intolerable and unacceptable and will have consequences.”
According to the UK’s National Cyber Security Centre, APT28 is a sophisticated group that uses tools such as X-Tunnel, X-Agent, and CompuTrace to infiltrate networks. In April 2024, it was reported that Fancy Bear was deploying GooseEgg via a Windows Print Spooler flaw.
The implications of this revelation are profound. Baerbock did not mince words when she described the cyber-attack as “absolutely intolerable and unacceptable,” signalling that Germany would not stand idle in the face of Russian cyber attacks.
While Germany refrained from divulging intricate details of the SPD cyber-attack, reports from the EU’s computer security response unit, CERT-EU, indicated that the attack on the SPD executive last year showed signs of data exposure.
The timing of the attack coincides with a pivotal moment in January 2023, when Germany was contemplating sending Leopard 2 battle tanks to Ukraine. This decision was part of a broader European effort to support Ukraine in its conflict with Russia.
The pro-Russia hacking group Killnet claimed responsibility for the attack, which aimed to knock several German websites offline. However, the Kremlin, through spokesperson Dmitry Peskov, denied any knowledge of Killnet. The group was also accused of a DDoS attack on the EU Parliament website in 2022.
This revelation comes on the heels of another security breach involving Russian media’s publication of an audio recording from a meeting of senior German military officials. The leak occurred after one participant dialled in through an “unauthorised connection,” leading to the exposure of confidential discussions.
European leaders consider these cyber-attacks part of Russia’s “hybrid” war tactics against Ukraine and the EU. The strategy includes disinformation campaigns spread across social media and the creation of doppelganger fake news websites designed to mimic legitimate media outlets.
These efforts aim to undermine the credibility of mainstream parties, sow seeds of distrust in democratic institutions, and incite hatred against marginalised groups.
Russian cyber attackers have been accused of breaching the networks of several Western nations. In May 2023, it was reported that the Anonymous Sudan hacker group is backed by Russia.
Last year, the United States dismantled a global peer-to-peer network of computers compromised by Russian malware named Snake.