Berlin/Prague/Washington/Brussels: Germany and Czechia today claimed malicious cyber activity by Russia that targeted a German political party and some Czech institutions.
Germany claimed Russia targeted a German political party – the German Social Democratic Party, while Czechia stated that some Czech institutions were the target of cyber-attacks exploiting a previously unknown vulnerability in Microsoft Outlook from 2023.
The mode of operation and the focus of these cyber attacks matched the profile of Russia’s General Staff Main Intelligence Directorate (GRU), also known as the Advanced Persistent Threat Actor 28 (APT28), Czechia claimed. Jointly with Germany, the European Union, NATO and international partners, it condemned the activities of the Russian state-controlled actor and claimed APT28 had been conducting a long-term cyber espionage campaign in European countries.
“The malicious cyber campaign shows Russia’s continuous pattern of irresponsible behaviour in cyberspace, by targeting democratic institutions, government entities and critical infrastructure providers across the European Union and beyond,” the EU High Representative stated.
NATO in a statement said it stood in solidarity with Germany and Czechia following the malicious cyber activities against the two countries.
Germany publicly shared its assessment of APT28's compromise of various e-mail accounts of the German Social Democratic Party executive.
Czechia said the affected Czech institutions were offered technical recommendations and cooperation to enhance security measures. “The actor APT28 has also been the subject to active measures in Czechia as part of the global operation Dying Ember,” the Czech foreign office said, claiming Czechia has long been targeted by APT28.
Cyber attacks targeting political entities, state institutions and critical infrastructure were not only a threat to national security but also disrupted the democratic processes. “Such activities are in violation of the UN norms of responsible state behaviour in cyberspace and other international commitments. In the context of the upcoming European elections, national elections in a number of European countries and the ongoing Russian aggression against Ukraine, these acts are particularly serious and reprehensible. We call on the Russian Federation to refrain from such actions,” the Czechia foreign office stated and warned that Prague was “determined to respond strongly to this unacceptable behaviour together with our European and international partners”.
The EU too warned that the EU “will not tolerate such malicious behaviour, particularly activities that aim to degrade our critical infrastructure, weaken societal cohesion and influence democratic processes, mindful of this year’s elections in the EU and in more than 60 countries around the world”. It further claimed that Russia’s behaviour was contrary to the United Nations norms of responsible state behaviour in cyberspace, such as impairing the use and operation of critical infrastructure.
The EU further stated that it was determined to make use of the full spectrum of measures to prevent, deter and respond to Russia’s malicious behaviour in cyberspace.
State institutions, agencies and entities in the EU Member States, including in Poland, Lithuania, Slovakia and Sweden have been targeted by the same threat actor before, the EU High Representative said. In 2020, the EU imposed sanctions on individuals and entities responsible for the APT28 attacks targeting the German Federal Parliament in 2015.
APT28, also known as Fancy Bear, Strontium, and Forest Blizzard, is a well-known threat actor with a long history of engaging in malicious, nefarious, destabilizing and disruptive behaviour, the United States claimed. A US State Department spokesperson, Matthew Miller, said Washington had previously indicted and sanctioned actors associated with APT28 for their involvement in a wide range of malign cyber activity, including cyber activities aimed at interfering in the 2016 U.S. presidential elections, and sustained hack-and-leak operations targeting the World Anti-Doping Agency (WADA) that were intended to undermine and sow doubt in the integrity of the organization.
The U.S. Department of Justice has worked with Germany to remediate a network of hundreds of small office/home office routers that APT28 was using to conceal and carry out malicious activity, including the exploitation of CVE-2023-23397 against targets in Germany. The DOJ action further blocked the GRU from regaining access to remediated devices.
“Russia’s pattern of behaviour blatantly disregards the Framework for Responsible State Behavior in Cyberspace, as affirmed by all United Nations Member States. The United States is committed to the security of our allies and partners and upholding the rules-based international order, including in cyberspace. We call on Russia to stop this malicious activity and abide by its international commitments and obligations. With the EU and our NATO Allies, we will continue to take action to disrupt Russia’s cyber activities, protect our citizens and foreign partners, and hold malicious actors accountable,” Miller said.
There has been no response from Russia so far on the issue.
– global bihari bureau