Germany on Friday accused Russian military agents of hacking the top echelons of Chancellor Olaf Scholz’s party and other sensitive government and industrial targets, and was joined by NATO and fellow European countries in warning that Russia’s cyberespionage would have consequences.
Relations between Russia and Germany were already tense, with Germany providing military support to Ukraine in its ongoing war with Russia.
German Foreign Minister Annalena Baerbock said Russian military cyber operators were behind the hacking of emails of the Social Democrats, the leading party in the governing coalition. Officials said they did so by exploiting Microsoft Outlook.
Officials described a hacking campaign that persisted for months.
The German Interior Ministry said in a statement that the hacking campaign began at least as early as March 2022 — a month after Russia’s full-scale invasion of Ukraine — with emails at Social Democrat party headquarters accessed beginning that December. It said German companies, including in the defense and aerospace sectors, as well as targets related to the war were also a focus.
The statement said international efforts led by the FBI shut down in late January a botnet of compromised network devices used by the Russian hackers — known as APT28 or Fancy Bear — in the cyberespionage scheme.
“Russian state hackers attacked Germany in cyberspace,” Baerbock said at a news conference in the Australian city of Adelaide. She attributed the hack to a unit of Russia’s GRU military intelligence unit.
“This is absolutely intolerable and unacceptable and will have consequences,” she said, without specifying what they might be.
A separate German statement said the hacking occurred over “a relatively long period” and also targeted various unidentified German government authorities, foundations and associations. It said the Social Democrats’ executive committee was targeted.
The Council of the EU and the Czech Foreign Ministry said Czechia’s institutions have also been targeted by the same group. Both German and Czech officials said the GRU hackers leveraged a previously unknown vulnerability in Microsoft Outlook.
In a statement by the EU’s top diplomat, Josep Borrell, the bloc’s nations said they “strongly condemn the malicious cyber campaign” by Fancy Bear “against Germany and Czechia.”
The EU noted that it had previously imposed sanctions on individuals and entities associated with the group for targeting the German parliament in 2015. It said it will not tolerate the continuation of such attacks, particularly with EU elections upcoming in June.
NATO accused Fancy Bear of targeting “other national governmental entities, critical infrastructure operators and other entities across the Alliance,” including in Lithuania, Poland, Slovakia and Sweden.
“We are determined to employ the necessary capabilities in order to deter, defend against and counter the full spectrum of cyberthreats to support each other, including by considering coordinated responses,” said the North Atlantic Council, the principal political decision-making body within NATO.
Baerbock is visiting Australia, New Zealand and Fiji, with the trip focusing on security policy as China pushes for influence in the Pacific region.
“The defense cooperation between Germany and Australia is close and we would like to deepen it further and together expand it, because we are in a situation where we face similar threats,” said Baerbock, who is the first German foreign minister to visit Australia in 13 years.
Discussions between Baerbock and Australia counterpart Penny Wong centered on the conflict in Gaza. “I think we all understand that the only path out of this cycle of violence that we see in the Middle East at such great cost is one that ultimately ensures a two-state solution,” Wong said.
