NATO allies condemn Russia for ‘serious and reprehensible’ cyberattacks

A hacking group associated with Russia’s military intelligence agency attacked German Chancellor Olaf Scholz’s political party and “some Czech institutions,” according to Western officials and NATO.

“We can attribute this cyberattack to a group called APT28, which is steered by the military intelligence service of Russia,” German Foreign Minister Annalena Baerbock told reporters on Friday. “This is absolutely intolerable and unacceptable and will have consequences.”

Russia denied the allegation “as another unfriendly step aimed at fueling anti-Russian sentiment in Germany,” but Baerbock’s rebuke found an echo in Prague and across the NATO alliance. The hacking organization, known in Western circles as Fancy Bear or APT28, “exploit[ed] a previously unknown vulnerability in Microsoft Outlook from 2023” in a sprawling operation, according to Czech officials.

“In the context of the upcoming European elections, national elections in a number of European countries and the ongoing Russian aggression against Ukraine, these acts are particularly serious and reprehensible,” the Czech foreign ministry said. “Cyber attacks targeting political entities, state institutions and critical infrastructure are not only a threat to national security, but also disrupt the democratic processes on which our free society is based.”

In March, a Google-owned cybersecurity firm called Mandiant announced an assessment that another Russian intelligence service, the SVR, sent “phishing emails … to victims purporting to be an invite to a dinner reception” hosted by a different German political party, the Christian Democratic Union.

“Based on the SVR’s responsibility to collect political intelligence and this APT29 cluster’s historical targeting patterns, we judge this activity to present a broad threat to European and other Western political parties from across the political spectrum,” Mandiant said, noting that the malicious program “was first observed in operational use in late January 2024 in an operation targeting likely diplomatic entities in Czechia, Germany, India, Italy, Latvia, and Peru.”

APT28, the GRU-linked entity, is the same one that U.S. officials have blamed for the targeting of former Secretary of State Hillary Clinton’s campaign chairman in the 2016 presidential election. The cyberattacks in question occurred in 2023, but the allegation comes several months after Russia embarrassed Scholz’s government by releasing a recording of a phone conversation between German military officials who discussed, on an unsecured line, plans for a possible delivery of long-range Taurus missiles to Ukraine.

“We join Germany in attributing specific malign activity carried out by APT28 that targeted a German political party,” State Department spokesman Matthew Miller said Friday. “The U.S. Department of Justice has worked with Germany to remediate a network of hundreds of small office/home office routers that APT28 was using to conceal and carry out malicious activity. … The DOJ action further blocked the GRU from regaining access to remediated devices.”

German officials summoned the top Russian envoy in Berlin to the foreign ministry to protest the attack, but Russia “expressly rejected the accusation” in a subsequent statement.

“The Embassy regards this demarche by the Foreign Office as another unfriendly step aimed at stoking anti-Russian sentiments in Germany and further destroying Russian-German relations,” the embassy insisted.

CLICK HERE TO READ MORE FROM THE WASHINGTON EXAMINER

The same Russian spy team also has attacked targets in several other countries — Poland, Lithuania, Slovakia, and Sweden — across NATO and the European Union, Western officials agreed on Friday.

“We strongly condemn malicious cyber activities intended to undermine our democratic institutions, national security and free society,” the North Atlantic Council, which is the assembly of alliance ambassadors at NATO headquarters in Brussels, said Friday. “The malicious cyber activities targeting Germany and Czechia underscore that cyberspace is contested at all times. Cyber threat actors persistently seek to destabilize the Alliance.”