Several members of the German Parliament (Bundestag) and other members of the state parliament became victims of a cyber-attack allegedly launched by Russia-linked hackers.
German newspaper Der Spiegel revealed that email accounts of multiple members of the German Parliament (Bundestag) were targeted with a spear phishing attack.
The attackers who are suspected to be members of Ghostwriter group that works under the control of the Russian military secret service GRU, sent messages to the private emails of the German politicians.
According to a report published by Der Spiegel, the computers of at least seven members of the Bundestag were attacked. The attack was performed by phishing emails to the private email addresses of politicians, which is messages from supposedly trustworthy senders whose aim is to hijack the entire account.
It is not known at present whether the attackers were able to steal sensitive data in the attack.
Seven members of the German federal parliament (Bundestag) and 31 members of German regional parliaments were hit by the attack, most of them are part of the CDU/CSU and SPD parties.
According to Frank Bergmann, a spokesperson for the Bundestag, the attack did not impact the infrastructure of the German Bundestag. The German authorities notified the impacted politicians as soon as the attack was uncovered.
The threat actors had also targeted political activists in Hamburg and Bremen.
Last August, FireEye researchers reported that GhostWriter group was behind a disinformation campaign that started at least in March 2017 and is aligned with Russian security interests.
GhostWriter doesn’t spread the campaigns through social networks, instead, they abused compromised content management systems (CMS) of news websites or spoofed email accounts to disseminate fake news.
The attackers replace existing legitimate articles on the sites with the fake content, instead of creating new posts. They circulate fabricated content, including falsified news articles, quotes, correspondence, and other documents that seems to look like coming from military officials and political figures in the target countries.
In October 2020, the Council of the European Union sanctioned Russian military intelligence officers, belonging to the 85th Main Centre for Special Services (GTsSS), for their role in the 2015 attack on the German Federal Parliament (Deutscher Bundestag).
The 85th Main Centre for Special Services (GTsSS) is the military unit of the Russian government also tracked as APT28 (aka Fancy Bear, Pawn Storm, Sofacy Group, Sednit, and STRONTIUM).
Photo Credits : Bank Info Security