An infamous group by the name of APT28, which is thought to be a cyber-espionage arm of the Russian intelligence collective, has been hacking into German government-run systems for around a year now.
The German Defense Ministry, German Foreign Ministry, Federal Court of Auditors and the German Chancellery have all been infiltrated, to varying degrees, by the Russian hackers. This is according to the German news agency DPA.
These attacks have increasingly targeted a number of European and North American entities, mostly in the form of spear-phishing emails, and are seemingly unrelated to the attacks on the German government houses. Despite this, the group involved in the attacks seems to be the same, as has been confirmed by various groups.
The group, as mentioned earlier, is thought to be under the command of the agency known as GRU, which is basically the Russian intelligence wing. The group also goes by several other names, such as STRONTIUM, Tsar Team, Fancy Bear, Grizzly Steppe, Sofacy, Pawn Storm and Sednit.
According to the Estonian Foreign Intelligence Service, the group is formed by, and consists of members of, the Russian Military Main Intelligence Directorate, which is abbreviated to GRU. In addition to this, earlier, in January, there was an article in the Washington Post which cited CIA sources and claimed that the GRU was behind the development and spreading of the NotPetya ransomware.
Several authorities have reported that APT28 has been active since 2010 and has been behind the hacking of the International Olympic Committee as well. This is basically the biggest tie-in to the Russian intelligence machine.
According to Benjamin Read, Sr. Manager at Cyber Espionage Analysis agency FireEye, “APT28 conducts cyber espionage campaigns to serve not only traditional espionage goals, but also to provide fodder for influence operations. Throughout 2016 and 2017, we uncovered APT28 targeting multiple U.S. and European government-related entities including government, diplomatic and military organizations in Europe and surrounding the U.S. presidential election. We do not have any insight into the breaches in Germany, [but] the activity would be consistent with the actor’s well-established behavior.”