Suspected Russian hackers tried to break into the email accounts of Bundestag members in a spearphishing attack. It is not yet known if attackers stole any data during the incident.
In the attack, German politicians received phishing emails in their private inboxes, according to Der Spiegel.
It is believed that the attackers accessed the email accounts of seven members of the German federal parliament, or Bundestag, and 31 members of regional parliaments. Most of the targets are members of the CDU/CSU and SPD governing parties.
A German government spokesperson said the attackers didn’t target the Bundestag’s IT network.
German security authorities suspect that it was Ghostwriter, a Russian military intelligence hacking group, who conducted the attack.
A cybersecurity firm FireEye says since March 2017, Ghostwriter has been running “information operations” that indicate the group’s support of Russian security interests.
By using fabricated personas posing as journalists and analysts they targeted Latvian, Lithuanian, and Polish citizens with anti-NATO information distributed via spoofed email accounts and compromised news websites.
“The Ghostwriter campaign leverages traditional cyber threat activity and information operations tactics to promote narratives intended to chip away at NATO’s cohesion and undermine local support for the organization in Lithuania, Latvia, and Poland,” FireEye said last year.
Bundestag members’ accounts have previously been hacked in 2015, which forced the Council of the European Union to impose sanctions on members of the Russian state-backed APT28 hacking group in October 2020.
In August 2020, Norway disclosed a similar attack in which likey Russian state hackers stole information from the hacked email accounts. The Norwegian Police Security Service named the APT28 as the likely operator behind the attack.
Then this year, Russian-sponsored state hackers attacked the Ukrainian government and hacked the website of the National Security and Defense Council of Ukraine (NSDC).