Suspected Russian state-backed hackers with a history of running disinformation campaigns against NATO have targeted dozens of German lawmakers, German media reported on March 26.
The hackers used spear-phishing e-mails to target the private e-mail accounts of members of the German parliament and regional state assemblies, in the latest suspected Russian-backed effort against lawmakers in the country.
Public broadcaster WDR and news website Der Spiegel reported that the attacks occurred in recent days and were noticed by the BfV domestic intelligence agency and the country’s information security agency.
It was unclear what, if any data, was stolen. WDR reported at least some e-mail accounts were compromised. Der Spiegel reported at least seven members of parliament were targeted and 31 lawmakers in state assemblies.
German security officials believe the cyberattack was carried out by a group known as Ghostwriter, long suspected of ties to Russia’s GRU military intelligence agency.
WDR said officials are now warning of possible disinformation campaigns stemming from the cyberattack.
According to the U.S. cybersecurity firm FireEye, since at least 2017 Ghostwriter has run information operations as part of a Russian influence campaign. The operations have primarily targeted the Baltic states and Poland, with a focus on producing disinformation about NATO.
The Ghostwriter campaign has “leveraged website compromises or spoofed e-mail accounts to disseminate fabricated content, including falsified news articles, quotes, correspondence, and other documents designed to appear as coming from military officials and political figures in the target countries,” FireEye said in an analysis last year.
For example, Ghostwriter is believed to be behind spreading fake news in 2018 about German soldiers participating in the NATO mission in Lithuania desecrating a Jewish graveyard and running over a child with a tank.
In 2015, suspected Russian hackers tied to the GRU carried out a massive cyberattack on the German parliament, disrupting IT systems and stealing troves of data. The e-mail accounts of several members of parliament, including in Chancellor Angela Merkel’s office, were affected.