After the cyber attacks on the SPD, the Foreign Office summoned the chargé d’affaires of the Russian embassy. According to government spokesman Büchner, the attacks also targeted logistics and armaments companies, among others.
In response to a suspected Russian cyber attack on the SPD last year, the Foreign Office summoned the acting chargé d’affaires of the Russian Embassy. This was announced by a spokesman for the German Foreign Ministry in Berlin. The summons is a diplomatic signal “to make it clear to Moscow that we do not accept this approach, that we clearly condemn it and that we reserve the right to have consequences.”
Foreign Minister Annalena Baerbock had previously described the attacks as “completely unacceptable” and announced consequences.
Other countries also affected
Deputy government spokesman Wolfgang Büchner was determined. The federal government “strongly condemns” the repeated and unacceptable cyber attacks by state-controlled Russian actors. Russia is again called upon to refrain from such actions. “Germany is determined to counter such cyber attacks together with its European and international partners.”
The European Union’s foreign policy chief, Josep Borrell, said in Brussels that Europe would use the “full spectrum of measures to respond to Russia’s malicious behavior in cyberspace” and prevent further attacks. According to Brussels, Czech institutions were also affected by the hacker attack. This was confirmed by the Czech Foreign Ministry. Borrell also referred to previous Russian cyberattacks in Poland, Lithuania, Slovakia and Sweden.
Attacks on logistics and Defense contractors
According to government spokesman Büchner, the actions of the cyber group APT28 could be specifically attributed to the Russian military intelligence service GRU based on reliable information from the German intelligence services. The campaign is also directed against government agencies and companies in the areas of logistics, armaments, aerospace, IT services as well as foundations and associations. “It was directed against targets in Germany and other European countries as well as against targets in Ukraine,” said the government spokesman.
Russia’s behavior in cyberspace contradicts international norms, said Büchner. This deserves particular attention, especially in a year in which elections are taking place in many states.
The Russian embassy in Germany said on the Telegram online service that when summoned, the chargé d’affaires had rejected the accusation that “Russian authorities were involved in the aforementioned incident” and in the activities of the APT28 group.
Exploitation of an Outlook vulnerability
Loud Federal Ministry of the Interior the attack began at the end of December 2022. An Outlook vulnerability has been exploited since at least March 2022. An internationally coordinated operation at the end of January this year under the leadership of the FBI was able to prevent compromised devices worldwide from being further misused for cyber espionage operations.
“The Russian cyber attacks are a threat to our democracy, which we are resolutely countering,” emphasized Interior Minister Nancy Faeser during a visit to Prague. In response, the security authorities “increased all protective measures against hybrid threats,” emphasized the SPD politician.
Klingbeil calls for better protection
SPD General Secretary Kevin Kühnert was not surprised by the results of the investigation. Russian President Vladimir Putin is attacking the SPD “because we embody the defensive democracy in Germany in a special way,” he explained. “The fact that Putin is attacking social democracy reveals both his fear and our political strength.”
His party leader Lars Klingbeil told the Kölner Stadt-Anzeiger that Putin’s regime obviously didn’t like “how clearly we have sided with Ukraine.” Klingbeil called for better protection against attacks from the Kremlin: “In the future, we will no longer have to organize security in Europe with Russia, but from Russia.”
The SPD announced in June 2023 that the party executive’s email accounts had already been the target of a cyber attack in January. The SPD said at the time that this was made possible by a security gap in the software company Microsoft that was still unknown at the time of the attack. It cannot be ruled out that there was an outflow of data from individual email inboxes.
CDU wants to strengthen protective measures.
In response to the cyber attacks, the CDU also wants to strengthen its protective measures against possible Russian cyber attacks. We are in close contact with the Office for the Protection of the Constitution and have “taken measures that we are ramping up,” said CDU General Secretary Carsten Linnemann in Berlin.
The CDU has also experienced such cyber attacks itself in recent weeks and months, he added. He assumes that cyber attacks will be experienced not only today, but probably also in the next election campaigns.
APT28 became known through the attack on the Bundestag
According to the German Office for the Protection of the Constitution, the APT28 group has been active worldwide, primarily in the area of cyber espionage, since at least 2004. In the past, it has also led disinformation and propaganda campaigns in cyberspace and is “among the most active and dangerous cyber actors in the world.”
The Federal Office for the Protection of the Constitution clearly attributes APT28 to the Russian military intelligence service GRU. The group, which also goes by the name “Fancy Bear”, was blamed for a major cyber attack on the Bundestag in 2015 and later in the USA for an attack on the Democratic Party before the 2016 presidential election.