Russia has been accused of waging its own brand of cyber hybrid warfare against Germany, with specific focus on next year’s elections. In particular, the APT28 (Fancy Bear) hacking group — thought to be linked to the Russian government — is accused of spreading propaganda and disinformation under the guise of ‘hacktivists’.
The recent attack on Deutsche Telekom routers is thought by some experts to have emanated from Russia, but there is no proof. Last year’s attack against the German parliament, and attacks against German politicians in August, are also blamed on Russia. Speaking earlier this week, Chancellor Angela Merkel commented, “Such cyber-attacks, or hybrid conflicts as they are known in Russian doctrine, are now part of daily life and we must learn to cope with them.”
Now both the heads of the German foreign intelligence agency (BND), Bruno Kahl, and the domestic intelligence agency (BfV), Hans-Georg Maassen, have warned about increasing Russian cyber activity in Germany.
Last week Kahl told the Süddeutsche Zeitung, “There are findings that cyber-attacks take place which have no other meaning than to create political uncertainty. There is a kind of pressure on public discourse and on democracy, which is unacceptable.” He added that there are indications of Russian involvement. “Attribution to a state actor is technically difficult, but there is some evidence that it is at least tolerated or desired by the state.”
Yesterday, however, a statement issued by the BfV was more forthright. “Since the start of the Ukraine crisis,” it started, “we have seen a significant increase in Russian propaganda and disinformation campaigns in Germany.” It warns of a broad spectrum of instruments and “an enormous use of financial resources on Russia’s part” designed to strengthen extremist groups in order to shape political discourse in Germany.
The statement names APT28 as using a campaign that is often executed as ‘false flags’. “This approach represents a previously unseen methodology in campaigns that are controlled by Russia.” Note however, that many experts believe that the attack against French television company TV5 was also a ‘false flag’: in reality APT28 pretending to be ISIS.
The statement goes on to say, “Spear-phishing against political parties and parliamentary groups have increased dramatically. They are attributed to the APT28 campaign, which was also responsible for the DNC hack. APT28 successfully exfiltrated data from the German Bundestag in 2015.”
Maassen describes the method and motivation behind the APT28 campaign. “Propaganda, disinformation, cyber-attacks, cyber espionage and cyber sabotage are part of hybrid threats against western democracies.” He points to social networks as the new way for people to share and consume information, adding that it provides the perfect entry point for disinformation and campaigns designed to reshape public opinion.
He also warns of an “increase in cyber espionage within the political arena”. Government officials, members of the Bundestag, and party workers all face a potential threat. “Stolen information could be used in the election campaign to discredit German politicians.”
The political theory is that Russia will benefit from a weakened European Union — already wounded by Brexit. By playing to European concerns over uncontrolled immigration and refugee support, and by fostering nationalism within individual member states — in this instance Germany — Russia will be able to weaken the existing European sanctions.
Russia denies involvement in hacking.