1. Skip to content
  2. Skip to main menu
  3. Skip to more DW sites

German firms targeted by Russian hackers?

Insa Wrede
March 25, 2022

Wars are also being fought in cyberspace. The Kremlin may aim to harm German firms with more cyberattacks in response to Western sanctions. Are such fears justified?

Hacker using a keyboard (symbolic picture)
Cyberattacks have long become a real threat for German companies and institutionsImage: Jakub Porzycki/NurPhoto/imago images

Russia is attacking Ukraine not just with tanks and rockets, but also in cyberspace — where routers, electricity grids and government websites were targeted even before the actual invasion.

Experts strongly believe that an attack on the Ka-Sat satellite network operated by US firm Viasat was also masterminded by Russia. Ka-Sat provides internet connections to parts of Europe, including Ukraine and the Mediterranian region, and is completely independent of terrestrial infrastructure.

The aim of the attack had been to disrupt communication channels in Ukraine. The impact was felt in other European nations as well. Germany's Enercon, a producer of wind energy technology, reported the destruction of 5,800 satellite-based modems in wind turbines, meaning the turbines could no longer be maintained remotely.

Calm before the storm?

According to Dirk Häger from Germany's Federal Office for Information Security (BSI), the attack on Enercon has so far been the only case of collateral damage in Germany. The BSI told DW that since Russia's invasion of Ukraine there had been some unrelated security incidents with only limited effects, but added that the potential risks of such attacks were rising.

"There's a threat, no doubt about that," Häger said, prompting the BSI to raise the orange alert and call on businesses to increase their vigilance.

"We're already noticing increased scanning activities focusing on IT systems and potential vulnerabilities," said Sebastian Artz from Germany's IT industry group Bitkom. "Attackers are looking for open ports that could be used to hack into systems," he said. Such activities were nothing new, he argued, but if their

frequency increased further, a major attack could be in the pipeline. Artz conceded, though, that there was no proof that those activities were steered by Russia.

Critical infrastructure in danger?

On Tuesday, US President Joe Biden warned against Russian cyberattacks in the US, saying the country had a very sophisticated cybercapacity. He claimed there was "evolving intelligence" that Moscow was looking to carry out cyberattacks in response to Western sanctions.

Sectors dealing with critical infrastructure — including energy, IT, water management, health care systems and financial institutions — have been advised to prepare for such attacks.

In both the US and Germany, a large part of this critical infrastructure is in private hands. For Bitkom's Artz it's not a cause for alarm.

"In Germany, there's a legally binding protection of such infrastructure as laid down in the 'Security Bill 2.0,'" he told DW. Companies active in such sectors are forced to take special technical and organizational precautions to protect the systems in question, he said.

Manuel Atug, the founder of a German independent critical infrastructure association Kritis, is not so sure. "You've got the whole spectrum among German businesses and regional institutions," he told DW. "Some are forearmed, others are not so well prepared and others again just chance it."

Hard to target

However, Atug added it was not so easy to disrupt critical supply services over a longer period via a cyberattack.

"That's difficult to achieve and doesn't happen very often," he said, adding that there were two such attempts in Ukraine in 2015 and 2016 respectively. "In both cases, blackouts didn't last very long. Some 230,000 people were cut off from electricity for just an hour in winter."

In May 2021, though, the US East Coast faced a major fuel shortage after a cyberattack forced top US pipeline operator Colonial Pipeline to turn off the tap. "Strictly speaking, that wasn't a failure of critical infrastructure, but a step taken to protect economic interests," Atug explained.

"The state could have covered the costs temporarily at any time to make the oil flow again."

Colonial Pipeline in the US
A cyberattack on a major US pipeline choked the transportation of oil to the eastern US in 2021Image: Kevin G. Hall/ZUMA/imago images

Cyberattacks in the West not intended?

The fact that larger cyberattacks have not occurred in Germany so far may have to do with Putin not anticipating that his war in Ukraine would drag on for so long, Artz says. Hence cyberattacks against the West may not have been part of his initial strategy.

Planning such attacks cannot be done overnight and need several months of preparation, the expert explained.

What also needs to be taken into consideration is that "a large-scale attack on critical infrastructure in the West could bring NATO into play," said Sven Herpig, a cybersecurity expert at the Berlin-based foundation Stiftung Neue Verantwortung. It could lead to the invoking of the alliance's Article 5, which states that an attack on one member is an attack on all members. This would lead to an escalation that Putin is not keen to see at the moment.

In spite of it all, new phishing activities coming from Russian IP addresses and targeting Western government institutions have been observed recently, says Matthias Schulze from the German Institute for International and Security Affairs.

Businesses and institutions should take precautionary measures like making regular backups of their data, recommends Atug. "This is something that they should have done before the war and should keep doing now," he said.

This article was originally written in German.