The German Federal Ministry of the Interior stated that Cyber Attacks on the SPD (Social Democratic Party of Germany), defense, IT, and aviation companies were attributed to APT 28 (Fancy Bear), and thus linked to the Russian military intelligence service GRU.
The main targets of these Russian attacks were the SPD party headquarters, along with German companies in logistics, armaments, aerospace, and IT services. Additionally, foundations, associations, government institutions, and critical infrastructure, especially in the energy supply sector, were also targeted. According to the German Federal Ministry of the Interior, companies in these sectors were also attacked overseas.
Please follow us on Facebook and Twitter.
As per the German federal government, APT 28 exploited a previously unknown critical security vulnerability in Microsoft Outlook to compromise email accounts over an extended period. The Cyber Attack on the ruling SPD party is considered a significant intervention in democratic structures.
German Federal Interior Minister Nancy Faeser stated:
“The Russian Cyber Attacks are a threat to our democracy, which we are resolutely countering. We are acting side by side within the EU, NATO and with our international partners. We will under no circumstances allow ourselves to be intimidated by the Russian regime.”
Increased Threat and Protective Measures
According to the German Federal Ministry of the Interior, the threat situation, already elevated before Russia’s war of aggression against Ukraine, has intensified further concerning cyber activities.
In response to these threats, German security authorities have bolstered protective measures against hybrid threats.
The Cyber Attacks attributed to the APT 28 group commenced at the end of December 2022, targeting the SPD party headquarters. This attack forms part of a broader campaign that has been exploiting a security vulnerability in Microsoft Outlook for Windows since at least March 2022.
An internationally coordinated operation, spearheaded by the FBI at the end of January 2024, prevented compromised devices from being further utilized for global cyber espionage operations. The German Federal Office for the Protection of the Constitution (BfV) was involved from the outset.
As per the BMI (German Federal Ministry of the Interior), the investigation into the attacks attributed to APT 28 resulted from extensive cooperation between German authorities and their foreign counterparts, as well as the willingness of the targeted institutions to collaborate.
Read Also: Reportedly, Kaspersky’s AI Used in Russian Military Drones
