The cyberattacks, initiated by the Russian leadership, have reached the limits of patience of Germany and the United States
Germany is preparing for the day of the parliamentary elections in the usual atmosphere of cyberattacks, Russia’s involvement in which is no doubt. Just as some southern countries have become accustomed to simoom, hot wind blowing from the desert and carrying sand, the West seems to have long since ceased to be surprised that the Russian side makes special efforts to influence domestic political schedules.
The Office of the German Federal Public Prosecutor says it launched an investigation into recent cyberattacks on German politicians. Earlier, the German Federal Office announced that the government had some information about Russia’s involvement in those actions. Foreign Ministry spokeswoman Andrea Sasse said that “the German government has reliable information on the basis of which Ghostwriter hacker outfit activities can be attributed to actors of the Russian state and, specifically, Russia’s GRU military intelligence service.” Germany called on Russia to stop this illegal activity, but such statements are becoming commonplace.
The Federal Office for the Protection of the Constitution and the Federal Office for Information Security consider that the interest of Russian hackers in the personal and official mailboxes of German politicians is underpinned with the attempts to obtain information that can be further published or even used to release fake news on behalf of a victim.
Ghostwriter has been active since 2017, and until recently it specialised in spreading disinformation about NATO in the Baltic states and Poland. Now, as we can see, it has been focused on Germany, precisely because of the extreme urgency of the German elections.
There should be no illusions about the effectiveness of appeals to the conscience of the relevant Russian officials. Back in 2015, hackers gained access to the German Chancellor’s official computer and all her official letters from 2012 to 2015. At the same time, the attackers sneaked into the network of other German Bundestag members. The prosecutor’s office accused Russian Dmitry Badin, a member of the GRU-created Fancy Bear hack team, of that crime. In addition, German intelligence exposed the involvement of Sofacy and APT28, which are also funded by the Russian government, in cyberattacks.
Moreover, in January 2015, another group, CyberBerkut, whose name gave a hint about the special unit of the Ukrainian police that cracked down on EuroMaidan protesters, claimed responsibility for hacking government websites and Angela Merkel’s files, demanding the stop of Germany’s financial and political support for Ukraine. Angela Merkel herself said in May last year that there was evidence of a Russian trace in all those cyberattacks. But Russian hackers, as recent events show, have not given up. This raises the question of whether the German system to counter such attacks is efficient.
A recent story around the hacking group REvil, also known as Sodinokibi, shows what could be different. REvil stands for Ransomware Evil. It operated from the territory of Russia under the control of special services and carried out up to a dozen attacks a month, specialising, in fact, in extorting money from big business. On 4 July, U.S. Independence Day, the group targeted a large network of companies, which led to the malfunction of 1,500 companies. After that, Joe Biden called Vladimir Putin, and later a White House spokesperson said that hackers would face tough opposition: “We do not intend to warn what exactly these actions will be. Some will be demonstrative and noticeable, some will not. But they will happen soon.”
Whether it was Biden’s pressure on Putin, some special measures, or maybe the group just went underground, but all sites linked to REvil in the dark net stopped working in mid-July. Therefore, it is possible to counteract enemy cyberattacks, given the will. The cooperation of German experts with American colleagues and the coordinated policy of the leadership of these and other countries, which are regularly targeted by Russian cyberattacks, would be the way to solve this unpleasant problem. “Sandstorms” from the east must stop.
Leonid Shvets