1. Skip to content
  2. Skip to main menu
  3. Skip to more DW sites

Russian hackers targeting German politicians — report

March 22, 2024

The US security firm Mandiant, which is a subsidiary of Google owner Alphabet, says hackers under Russia's FSI spy agency tried to trick German politicians into opening a link to a fake dinner event.

Silhouette of hacker over green binary code
Russian hackers have targeted several German political parties to steal data, according to a media reportImage: Kacper Pempel/REUTERS

Russian hackers have targeted several German political parties to steal data, German news magazine Der Spiegel reported on Friday.

The magazine cited an analysis from the US security firm Mandiant, which is subsidiary of Google owner Alphabet, as well as an alert by German security authorities.

What did the cyber attack consist of?

Mandiant said that the APT29 hacking group, which is also known as "Cozy Bear," tried to trick "key German political figures" into opening an email that contained a fake invitation to a dinner event hosted by the opposition conservative Christian Democratic Union (CDU) party.

Mandiant analysts said that the group used a new kind of malware known as "Wineloader" to carry out the attacks.

The group has carried out several attacks on Western authorities, according to Der Spiegel. In January, it managed to break into the email accounts of top Microsoft employees.

International spy authorities believe that the group works under orders from the Foreign Intelligence Service (FSI), Russia's external intelligence agency.

An alert from Germany's Federal Office for Information Security (BSI) said that cyber spies were attempting to build long-term access and extract data from German political parties.

The CDU said that this was not the first time it had been the target of digital attacks.

"In this case, too, we received very prompt information about the attack," the party said in a statement.

"There was no official CDU dinner on 1 March, the event was fictitious."

Why did Russian hackers target German political parties?

The BSI said that foreign powers were particularly interested in extracting information from politicians in the context of upcoming European elections, which are due to be held in early June.

Mandiant analyst Dan Black said that Moscow was working to undermine European support for Ukraine.

"This latest targeting is not just about going after Germany or its politicians; it is part of Russia's wider effort aimed at finding ways to undermine European support for Ukraine," Black said in a statement.

German defense minister: Russia running 'information war'

Germany has increasingly been the target of Russian spying efforts over its support for Kyiv as Ukraine fights off Russia's invasion.

On Tuesday, a German soldier was charged with allegedly handing over secrets obtained in the course of his work to Russian intelligence.

Earlier this month, Russian media published a wiretapped conversation in which Bundeswehr officers were heard discussing arms deliveries to Ukraine.

sdi/wd (AFP, Reuters)

While you're here: Every Tuesday, DW editors round up what is happening in German politics and society. You can sign up here for the weekly email newsletter Berlin Briefing.