Since the start of the Russian invasion in Ukraine in February 2022, Western countries have been on high alert against the risk of massive computer attacks and disinformation operations orchestrated by Russia.
The latest, revealed jointly by Berlin and Prague, is attributed to the APT28 group “which is led by the Russian intelligence services”, declared Friday the head of German diplomacy, Annalena Baerbock, during a trip to Sydney.
“In other words, it was a cyberattack supported by Russia against Germany and it is absolutely intolerable and unacceptable,” the minister said.
The German government announced in the morning the summoning of the charge d’affaires of the Russian embassy, ”to make it clear to the Russian government that we do not accept these actions.”
“We will use a range of measures to deter and respond to Russia’s aggressive behavior,” the Foreign Ministry warned.
Russia has deemed the German accusations “unfounded”.
– “Wrongdoing” –
The cyberattack attributed to Moscow notably targeted email addresses of officials of the SDP, the social-democratic party of Chancellor Olaf Scholz.
The operation also targeted “government services, companies in the logistics, arms, aerospace sectors and several foundations and associations,” Berlin said.
According to the Ministry of the Interior, the APT28 group would have started its attack against the SDP in 2022, “exploiting for a long period a critical security flaw in Microsoft Outlook, not known at the time (…) to compromise email accounts”.
Exploitation of this same flaw allowed APT28 hackers to carry out a series of attacks in the Czech Republic, the government of that country announced on Friday.
“In the context of the upcoming European elections, national elections in several European countries and the ongoing Russian aggression against Ukraine, these acts are particularly serious and reprehensible,” the Foreign Ministry said.
“These attacks were orchestrated by the Russian Federation and its GRU intelligence service,” said Czech Interior Minister Vit Rakusan.
EU member countries “strongly condemn” this campaign of cyberattacks, said the head of EU diplomacy Josep Borrell on behalf of the Twenty-Seven.
Having already imposed sanctions on individuals and entities linked to the APT28 group in 2020, the EU “is determined to use a range of measures to prevent, deter and respond to Russia’s malicious behavior in cyberspace”, a- he added.
An internationally coordinated operation under the direction of the American FBI made it possible to prevent at the end of January 2024 “compromised devices around the world from continuing to be misused for cyberespionage operations”, according to Berlin.
– “Fancy Bear” –
The APT28 group, also known as “Fancy Bear”, is accused of being responsible for dozens of cyberattacks around the world.
“This is one of the most dangerous and active cyberattack groups in the world,” observed the German Interior Ministry.
NATO countries were concerned on Thursday about “malicious activities” by Russia “recently carried out on the territory of the Alliance”.
“These are acts of sabotage, acts of violence, cyber activities, electronic disruptions, disinformation campaigns and other hybrid activities,” the allies wrote in a statement referring to “state activities hostilities affecting Czechia, Estonia, Germany, Latvia, Lithuania, Poland and the United Kingdom.
In recent months, several states such as France, Switzerland and Australia have already denounced cyberattacks by hacker collectives in the bosom of Moscow.
Companies like Mandiant, a subsidiary of Google, and Microsoft have also declared themselves victims of cyberattacks by hackers linked to the Russian state.
In a report published in April, Mandiant said it had spotted malicious operations carried out by another group called Sandworm in regions of the world considered political, military or economic hotspots for Russian interests.
bur-lep/smk/jt
