Germany says Russians behind ‘intolerable’ cyber-attack last year

Germany has said it has evidence that Russian state-sponsored hackers were behind an “intolerable” cyber-attack last year in which several websites were knocked off line in apparent response to Berlin’s decision to send tanks to Ukraine.

The German foreign minister, Annalena Baerbock, said a federal government investigation into the 2023 cyber-attack on the Social Democrat party (SPD) had just concluded.

“Today we can say unambiguously [that] we can attribute this cyber-attack to a group called APT28, which is steered by the military intelligence service of Russia,” she told a news conference during a visit to Australia. “In other words, it was a state-sponsored Russian cyber-attack on Germany, and this is absolutely intolerable and unacceptable and will have consequences.”

APT28, also known as Fancy Bear or Pawn Storm, has been accused of dozens of cyber-attacks in countries around the world. The UK’s National Cyber Security Centre has described the unit as “a highly skilled threat actor” that has “used tools including X-Tunnel, X-Agent and CompuTrace to penetrate target networks”.

Baerbock did not give further details of the cyber-attack against the SPD. The EU’s computer security response unit CERT-EU last year noted a German media report that an SPD executive had been targeted in a cyber-attack in January 2023 “resulting in possible data exposure”. It said there were reportedly “concrete signs” it was of Russian origin.

At the same time, Berlin said Russian activist hackers had knocked several German websites offline in response to its decision to send tanks to Ukraine, although with little tangible effect.

In January 2023 Germany was inching towards a decision to send Leopold 2 battle tanks to the frontline after Ukraine appealed for a fleet of 300 from Europe.

Baerbock’s comments come two months after Russian media published an audio recording of a meeting of senior German military officials, after one participant had dialled in through an “unauthorised connection” leading to the leak.

Cyber-attacks are officially considered by European leaders to be part of Russia’s “hybrid” war against Ukraine and the EU. Disinformation across social media, and doppelganger or fake news websites that look almost exactly like legitimate media, are part of the weaponry deployed by the Kremlin, with more than 17,000 disinformation units identified by the EU since the start of the war.

The pro-Russian doppelganger network of sites was uncovered in 2022 and is still active. In April, a fake Der Spiegel website claimed the German finance minister, Chrisian Lindner, was “robbing” pensioners.

The EU’s chief diplomat, Josep Borrell, said earlier this year that the Russians were using disinformation to undermine the credibility of mainstream parties, sow seeds of distrust in democracy and create hate against minorities.

He said this new kind of warfare “does not involve bombs that kill you” but words and ideas that “colonise you”.

The World Economic Forum ranked disinformation and cyber-attacks, so-called foreign information manipulations and interference as “the second biggest risk the world is going to face this year”, while Nato said it was now treating it as being as important as physical weaponry.