Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cyberwarfare

German Spy Service Says Russia Behind Major Cyber Attacks

‘Evidence’ Russia Behind Cyber Attacks in Germany: Secret Service

‘Evidence’ Russia Behind Cyber Attacks in Germany: Secret Service

Germany’s domestic secret service said Friday it had evidence that Russia was behind a series of cyber attacks, including one that targeted the German parliament last year.

The operations cited by the BfV intelligence agency ranged from an aggressive attack called Sofacy or APT 28 that hit NATO members and knocked French TV station TV5Monde off air, to a hacking campaign called Sandstorm that brought down part of Ukraine’s power grid last year.

“Cyberspace is a place for hybrid warfare. It opens a new space of operations for espionage and sabotage,” said Hans-Georg Maassen, who heads the BfV agency.

“The campaigns being monitored by the BfV are generally about obtaining information, that is spying,” he said. “However, Russian secret services have also shown a readiness to carry out sabotage.”

Germany itself fell victim to one of these rogue operations, with the Sofacy attack last year hitting the German lower house of parliament.

Chancellor Angela Merkel’s CDU party confirmed it had been targeted in April, adding that “we have adapted our IT infrastructure as a result”.

The BfV said the “cyber attacks carried out by Russian secret services are part of multi-year international operations that are aimed at obtaining strategic information.”

“Some of these operations can be traced back as far as seven to 11 years.”  

Government, military, media

IT experts believe that Sofacy or APT 28 is a so-called phishing tool of the broader Operation Pawn Storm, that has been blamed for targeting NATO and the US government and military as well as Ukrainian activists and Russian dissidents.

The operation included the attempted hacking of the Dutch Safety Board’s computer systems by Russian spies seeking to access a sensitive final report into the July 2014 shooting down of flight MH17 over Ukraine, according to security experts Trend Micro.

It also hit France’s TV5Monde television channel last April, shutting down transmissions and placing jihadist propaganda messages on the station’s website, Facebook and Twitter accounts.

The station had initially focused investigations on the IS group, after the perpetrators claimed to be members of the jihadist organisation.

But in June, a French judicial source put the blame on Russian hackers.

Sandworm” meanwhile refers to a group of hackers who deploy the malware known as Black Energy and KillDisk through phishing emails.

BfV said Sandworm targeted not just government posts, but “was also aimed at telecommunications companies, energy providers as well as higher education facilities”.

The West has been boosting resources and tightening cooperation to fight the mounting threat of international cyber attacks, with cyber defence designated as a core NATO task.

*Updated

Written By

AFP 2023

Click to comment

Expert Insights

Related Content

Cyberwarfare

Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

Cyberwarfare

Iranian APT Moses Staff is leaking data stolen from Saudi Arabia government ministries under the recently created Abraham's Ax persona

Cybercrime

Artificial intelligence is competing in another endeavor once limited to humans — creating propaganda and disinformation.

Cyberwarfare

The UK’s NCSC has issued a security advisory to warn about spearphishing campaigns conducted by two unrelated Russian and Iranian hacker groups.

Cyberwarfare

WASHINGTON - Cyberattacks are the most serious threat facing the United States, even more so than terrorism, according to American defense experts. Almost half...

Cybercrime

Albanian prosecutors on Wednesday asked for the house arrest of five public employees they blame for not protecting the country from a cyberattack by...

Cyberwarfare

Russia-linked cyberespionage group APT29 has been observed using embassy-themed lures and the GraphicalNeutrino malware in recent attacks.

Cyberwarfare

Cybersecurity firm Group-IB is raising the alarm on a newly identified advanced persistent threat (APT) actor targeting government and military organizations in Asia and...