APT28 under suspicion

Russia allegedly behind hacker attack on SPD

The Russian hacker groups APT28 and APT29 are said to work for Russia's intelligence services.

(Bild: stock.adobe.com)

The German government is blaming a unit of the Russian military intelligence service GRU for a cyber attack on the SPD at the beginning of last year. "Russian state hackers attacked Germany in cyberspace," said German Foreign Minister Annalena Baerbock on Friday during her visit to Australia in Adelaide and announced consequences.

The SPD announced in June 2023 that email accounts of the SPD party executive had already been the target of a cyber attack in January. This was made possible by a security vulnerability at the software company Microsoft that was still unknown at the time of the attack, the SPD said at the time - and: "It cannot be ruled out that data was leaked from individual email inboxes."

Attack was attributed to hacker group APT28
According to Baerbock, the investigations by the German government under the leadership of the Federal Foreign Office have now been completed. "We can now clearly attribute this attack from last year to the APT28 group, which is controlled by the Russian secret service GRU," said the Green politician. "This is completely unacceptable and will not remain without consequences." Baerbock did not say what these consequences might be.

According to the German Office for the Protection of the Constitution, the APT28 group has been active worldwide since at least 2004, primarily in the field of cyber espionage. In the past, it has also conducted disinformation and propaganda campaigns in cyberspace and is "one of the most active and dangerous cyber actors worldwide". The German Federal Office for the Protection of the Constitution clearly attributes APT28 to the Russian military intelligence service GRU.

The group, which also operates under the name "Fancy Bear", was already held responsible for a major cyberattack on the German Bundestag in 2015 and later in the USA for an attack on the Democratic Party before the 2016 presidential election, which was won by Republican candidate Donald Trump.

All German intelligence services involved
According to dpa, all German intelligence services were involved in the German government's investigation, including the Office for the Protection of the Constitution, the Federal Intelligence Service and the Military Counterintelligence Service. According to previous findings, the attack on the SPD is said to have been part of a campaign by APT28 in several European countries targeting government agencies and companies involved in energy supply, IT, armaments and aerospace.

The North Atlantic Council, NATO's most important decision-making body, expressed its "deep concern" about increasing Russian cyber attacks on Thursday, without giving any details. A statement spoke of "hostile activities" directed against Germany, Estonia, Latvia, Lithuania, Poland, the Czech Republic and the UK.

"These incidents are part of an intensifying campaign of activities carried out by Russia throughout the Euro-Atlantic area, including in the Alliance area and via proxies. These include acts of sabotage, acts of violence, cyber and electronic disruption, disinformation campaigns and other hybrid operations," the statement said. The activities represented "a threat to the security of alliance partners".