(Berlin) The German and Czech governments on Friday accused a group of Russian hackers controlled by Moscow of a recent campaign of cyberattacks in their countries, “malicious behavior” to which the EU promised a firm response.
Since the start of the Russian invasion in Ukraine in February 2022, Western countries have been on high alert against the risk of massive computer attacks and disinformation operations orchestrated by Russia.
The latest, revealed jointly by Berlin and Prague, is attributed to the APT28 group “which is led by the Russian intelligence services”, declared Friday the head of German diplomacy, Annalena Baerbock, during a trip to Sydney.
“In other words, it was a cyberattack supported by Russia against Germany and it is absolutely intolerable and unacceptable,” the minister said.
The German government announced in the morning the summoning of the charge d’affaires of the Russian embassy, ”a clear diplomatic signal […] to make the Russian government understand that we do not accept these actions.”
“We will use a range of measures to deter and respond to Russia’s aggressive behavior,” the Foreign Ministry warned.
“Wrongdoing”
Last year, the cyberattack attributed to Moscow notably targeted email addresses of officials of the SDP, the social-democratic party of Chancellor Olaf Scholf.
The operation also targeted “government services, companies in the logistics, arms, aerospace sectors and several foundations and associations,” Berlin said.
A “joint investigation” with the authorities of the Czech Republic, where German Interior Minister Nancy Faeser visited on Friday, brought the actions to light.
According to the Czech Foreign Minister, Prague has repeatedly been the target of cyberattacks orchestrated by APT28.
They “exploited a previously unknown vulnerability in Microsoft Outlook from 2023”, according to the same source.
“In the context of the upcoming European elections, national elections in several European countries and the ongoing Russian aggression against Ukraine, these acts are particularly serious and reprehensible,” the ministry added on Friday.
“These attacks were orchestrated by the Russian Federation and its GRU intelligence service,” said Czech Interior Minister Vit Rakusan.
EU member countries “strongly condemn” this campaign of cyberattacks, said the head of EU diplomacy Josep Borrell on behalf of the Twenty-Seven.
Having already imposed sanctions on individuals and entities linked to the APT28 group in 2020, the EU “is determined to use a range of measures to prevent, deter and respond to Russia’s malicious behavior in cyberspace”, a- he added.
“Fancy Bear”
The APT28 group, also known as “Fancy Bear,” is accused of being responsible for dozens of cyberattacks around the world.
“According to the estimation of our security authorities, this is one of the most dangerous and active cyberattack groups in the world,” observed the German Interior Ministry.
NATO countries were concerned on Thursday about “malicious activities” by Russia “recently carried out on Alliance territory”.
“These are acts of sabotage, acts of violence, cyber activities, electronic disruptions, disinformation campaigns and other hybrid activities,” the allies wrote in a statement referring to “state activities hostilities affecting Czechia, Estonia, Germany, Latvia, Lithuania, Poland and the United Kingdom.
In recent months, several states such as France, Switzerland and Australia have already denounced cyberattacks by hacker collectives in Moscow.
France notably said it was strengthening, last February, the security measures of the Ministry of the Armed Forces.
Companies like Mandiant, a Google subsidiary, and Microsoft have also declared themselves victims of cyberattacks by hackers linked to the Russian state.
In a report published in April, Mandiant said it had spotted malicious operations carried out by another group called Sandworm in regions of the world considered political, military or economic hotspots for Russian interests.