Germany’s domestic secret service accused Russia on Friday of a series of international cyber attacks aimed at spying and sabotage, in “hybrid warfare” that also targeted the German parliament last year.
The operations cited by the BfV intelligence agency ranged from an aggressive attack called Sofacy or APT 28 that hit NATO members and knocked French TV station TV5Monde off air, to a hacking campaign called Sandstorm that brought down part of Ukraine’s power grid last year.
“Cyberspace is a place for hybrid warfare. It opens a new space of operations for espionage and sabotage,” said Hans-Georg Maassen, who heads the BfV agency.
“The campaigns being monitored by the BfV are generally about obtaining information, that is spying,” he said. “However, Russian secret services have also shown a readiness to carry out sabotage.”
Germany itself fell victim to one of these rogue operations, with the Sofacy attack last year hitting the German lower house of parliament.
Chancellor Angela Merkel’s CDU party confirmed it had been targeted in April, adding that “we have adapted our IT infrastructure as a result”.
The BfV said the “cyber attacks carried out by Russian secret services are part of multi-year international operations that are aimed at obtaining strategic information”.
“Some of these operations can be traced back as far as seven to 11 years.”
Government, military, media
IT experts believe that Sofacy or APT 28 is a so-called phishing tool of the broader Operation Pawn Storm, that has been blamed for targeting NATO and the US government and military as well as Ukrainian activists and Russian dissidents.
The operation included the attempted hacking of the Dutch Safety Board’s computer systems by Russian spies seeking to access a sensitive final report into the July 2014 shooting down of flight MH17 over Ukraine, according to security experts Trend Micro.
It also hit France’s TV5Monde television channel last April, shutting down transmissions and placing jihadist propaganda messages on the station’s website, Facebook and Twitter accounts.
The station had initially focused investigations on the IS group, after the perpetrators claimed to be members of the jihadist organisation.
But in June, a French judicial source put the blame on Russian hackers.
“Sandworm” meanwhile refers to a group of hackers who deploy the malware known as Black Energy and KillDisk through phishing emails.
BfV said Sandworm targeted not just government posts, but “was also aimed at telecommunications companies, energy providers as well as higher education facilities”.
The West has been boosting resources and tightening cooperation to fight the mounting threat of international cyber attacks, with cyber defence designated as a core NATO task.