US State Department Backs Germany's Accusation of Massive Cyber Attacks by Russia

Germany has accused Russia of launching cyber attacks against defense and aerospace companies, the ruling party, as well as targets in other countries. Germany has warned that there will be unspecified consequences.

by Sededin Dedovic

The accusations were supported by the Czech Republic, NATO, and the US State Department. They referred to the attacks as "yet another hostile step aimed at fueling anti-Russian sentiments in Germany." NATO stated that the campaign also targeted government agencies and "operators of critical infrastructure." Additionally, other entities in Lithuania, Poland, Slovakia, and Sweden were mentioned, as reported by Reuters.

The accusations come at a time of heightened concern in Europe over suspicions of Russian hackers and spies since the beginning of the war in 2022. They also come ahead of European elections. The German government summoned the Russian envoy to express protest over claims that the campaign was launched by a group associated with the Moscow military intelligence agency GRU two years ago.

The attacks targeted German ruling Social Democrats, as well as various companies. The German Federal Ministry of the Interior stated that German companies, including defense, aviation, and information technology sectors, as well as targets associated with the Russian war in Ukraine, were also under attack.

German Interior Minister Nancy Faeser said the campaign was conducted by the Russian military intelligence service GRU and began in 2022. Server companies in critical sectors were compromised, a ministry spokesperson added.

He did not disclose the names of companies or details of the damage. "These attacks are not only aimed at individual parties or specific politicians. They are aimed at undermining trust in our democracy," said German Interior Minister Nancy Faeser.

[Photo: Federal Interior Minister Nancy Faeser speaks to the media. © Sean Gallup / Getty Images]

Germany and its partners will not tolerate attacks. "The full range of measures will be used to prevent, reject, and respond to Russia's aggressive behavior in cyberspace," said a spokesperson for the German Ministry of Foreign Affairs.

The Czech Republic stated that a number of its entities, which were not named, have been affected by a Russian campaign since last year. "In the context of upcoming European elections, national elections in several European countries, and ongoing Russian aggression against Ukraine, these acts are particularly serious and condemned," the Czech Ministry of Foreign Affairs said.

In a separate statement, Britain accused Russia of undermining democratic processes without going into further details. The German SPD previously stated that high-ranking members' email accounts were targeted. However, it was not clear if data was stolen.

The European Union condemned the "malicious cyber campaign conducted against Germany and the Czech Republic by Advanced Persistent Threat Actor 28 (APT28) under Russia's control." NATO states that APT28 targeted "other national government entities, operators of critical infrastructure" throughout the alliance, including Lithuania, Poland, Slovakia, and Sweden.

"We are determined to use the necessary capabilities to deter, defend, and counter the full spectrum of cyber threats, mutually supporting each other, including considering coordinated responses," announced the North Atlantic Council, NATO's decision-making political body.

GooseEgg Tool

The Ministry of the Interior in Berlin stated that a group called "Fancy Bear" or APT28, reporting to the GRU, exploited a then-unknown vulnerability in Microsoft Outlook. This compromised email accounts. An international operation led by the FBI in January prevented devices compromised in attacks from being abused for cyber espionage operations worldwide, Berlin stated.

A German Microsoft spokesperson referred to a blog post stating that a Russian actor had been using a tool called GooseEgg since April 2019 to steal credentials. Microsoft itself had a "problem" this year; in January, it officially informed the US Securities regulator of a security incident, blaming a Russian state-sponsored hacker group.

According to Microsoft, it all lasted from the end of November last year (2023), when a state-sponsored hacker group managed to gain access to the email accounts of a "very small percentage" of their employees. The affected were high-ranking members of management, as well as employees in the legal department and the cybersecurity department and several others.

Attackers managed to steal certain internal data from their user accounts, and the police were also informed. As possible culprits, they singled out the Russian state-sponsored hacker group Midnight Blizzard, also known as Nobelium, Cozy Bear, and APT29.

This group gained "fame" in 2020 with a large organized attack on the business software SolarWinds Orion and its numerous users. APT28 has been active worldwide since at least 2004, mainly in the field of cyber espionage, according to hacking experts.

According to the German domestic intelligence agency, it is one of the most active and dangerous cyber actors worldwide. US intelligence agencies have previously warned of the powerful cyber capabilities of actors controlled by the GRU.

They accused Fancy Bear of hacking Hillary Clinton's staff email accounts before the 2016 elections. Then, in 2016, the World Anti-Doping Agency accused Russian hackers. Hackers allegedly stole confidential medical information about US Olympic athletes and published it online. The FBI later seized the domain of the website where the information was published.
