Google warns of elite Russian hackers targeting German politicians

 Elite hackers tied to Russian intelligence last month targeted several German political parties with an eye toward burrowing into their networks and stealing data, according to an alert released by Germany’s cybersecurity agency and security researchers working for Google owner Alphabet.

In a report published on Friday, Alphabet’s Mandiant cyber unit said it had caught the hacking group known as APT29, which is alleged by Western intelligence to act on behalf of Russia’s SVR foreign spy agency, trying to trick “key German political figures” into opening an email masquerading as an invitation to a March 1 dinner event hosted by the Christian Democratic Union (CDU), Germany’s center-right political party.

An alert circulated by Germany’s BSI cyber agency and reviewed by Reuters referred to the same incident, saying that state-backed cyber spies were targeting German political parties in an effort to build long-term access and exfiltrate data.

In a statement, the CDU said it had long been exposed to digital attacks from domestic and foreign actors.

“In this case, too, we received very prompt information about the attack,” the statement said. “There was no official CDU dinner on 1 March, the event was fictitious.”

The alert did not give further details on who was believed to be responsible and neither it nor Mandiant provided details on who specifically was targeted. The BSI did not immediately return a request for comment. The Russian embassy in Washington also did not immediately respond to an email requesting comment.

The BSI said in its alert that foreign powers were particularly interested in spying on politicians in the context of the “upcoming European elections.” Mandiant said the targeting fit in with Moscow’s focus on its long-running conflict with Kyiv.

“This latest targeting is not just about going after Germany or its politicians; it is part of Russia’s wider effort aimed at finding ways to undermine European support for Ukraine,” Mandiant’s Dan Black said in a statement.

Germany is among the Western nations that have provided military support for Ukraine in its war with Russia. In December, Russian President Vladimir Putin said relations between the Berlin and Moscow have remained largely frozen.

Germany’s Der Spiegel first reported, on the alleged hacking campaign earlier on Friday.

 

In a similar incident reported by tribune.com.pk, a group of elite hackers with ties to Russian intelligence targeted multiple German political parties. The hackers were identified as APT29, known to act on behalf of Russia’s SVR foreign spy agency. Their attempt to breach the networks of German political parties was thwarted, but the incident raised concerns about potential data theft and long-term access by state-backed cyber spies.

The alert issued by Germany’s BSI cyber agency highlighted the ongoing threat of foreign powers targeting politicians, especially in light of the upcoming European elections. This aligns with Mandiant’s assessment that the hacking campaign was part of Russia’s broader strategy to undermine European support for Ukraine, given the longstanding conflict between Moscow and Kyiv.

While specific details on the targeted individuals were not disclosed, the CDU acknowledged the prevalence of digital attacks against them. The fake invitation to a non-existent dinner event on March 1 was a clear attempt to deceive key political figures, demonstrating the sophisticated tactics employed by APT29.

Despite the prompt notification of the attack, questions remain regarding the identity of the perpetrators and their motives. The BSI’s warning serves as a reminder of the constant cybersecurity threats faced by political organizations, both domestically and internationally.

As geopolitical tensions persist, the incident serves as a stark reminder of the evolving nature of cyber warfare and the importance of robust defense mechanisms to safeguard sensitive information. The targeted hacking campaign underscores the need for enhanced collaboration between governments, cybersecurity experts, and private sector entities to effectively mitigate future cyber threats.