- In short: Germany claims Russian cyber espionage group APT 28, otherwise known as Fancy Bear, exploited a vulnerability in Microsoft Outlook to compromise email accounts.
- The cyber attacks, which are alleged to have begun in 2022, targeted Germany’s governing Social Democrats as well as the logistics, defence, aerospace and IT sectors, the country’s interior ministry said.
- Russia, which has denied past allegations by Western governments of cyber attacks, has not responded to the allegations.
Germany has summoned the acting representative of the Russian embassy over a sweeping cyber espionage campaign dating back to 2022 that Berlin blames on Moscow’s GRU military intelligence service.
“We and our partners will not tolerate these cyber attacks and will use the entire spectrum of measures to prevent, deter and respond to Russia’s aggressive behaviour in cyberspace,” a foreign ministry spokesperson said on Friday.
The Russian embassy did not immediately respond to a request for comment.
Moscow has denied past allegations by Western governments of cyber attacks.
The attacks in 2022 targeted Germany’s governing Social Democrats as well as the logistics, defence, aerospace and IT sectors, the interior ministry said in a statement.
The ministry said APT 28, which reports to the GRU, exploited a then-unknown vulnerability in Microsoft Outlook over a longer period of time in order to compromise email accounts.
A German spokesperson for Microsoft referred Reuters to a blog post stating that a Russian-based actor had been using a tool referred to as “GooseEgg” since as early as April 2019 to steal credentials.
Institutions in Czechia have also been targeted as part of the alleged campaign since last year, the country’s foreign ministry said on Friday.
A spokesperson for the German interior ministry said “the security gaps must be actively closed and we are pushing for this to happen”.
An international operation led by the United States’ FBI in January had prevented devices compromised in the attacks from being misused for cyber espionage operations worldwide, the ministry said.
“The Russian cyber attacks are a threat to our democracy, which we are resolutely countering,” Interior Minister Nancy Faeser said in a statement, adding that Germany was acting alongside the European Union and NATO.
Ms Faeser added that it was particularly critical to counter such attacks from Russia ahead of the European Parliament elections in June and other elections this year.
APT28, also known as Fancy Bear, has been active worldwide since at least 2004, primarily in the field of cyber espionage. According to Germany’s domestic intelligence agency, it is one of the most active and dangerous cyber actors worldwide.
Reuters