Germany’s top cyber official on Thursday confirmed said his agency was aware of computer attacks on two foundations tied to Germany’s ruling coalition parties for some time, and was helping the think tanks analyze what happened.
Arne Schoenbohm, president of the BSI federal cyber security agency, did not comment on security firm Trend Micro’s claim that the attacks were carried out by “Pawn Storm,” the same Russian hacking group linked to attacks on French presidential candidate Emmanuel Macron or the U.S. election.
Other experts have said the group, also known as “Fancy Bear” or “APT 28,” is linked to GRU, the Russian military intelligence directorate.
German officials and lawmakers say the attacks are the latest in a series aimed at disrupting German elections and damaging Chancellor Angela Merkel, who has pushed to maintain sanctions on Russia over its actions in eastern Ukraine.
Germany’s intelligence agencies issued unusually frank warnings late last year about what they called Moscow’s “aggressive” cyber spying and disinformation campaigns.
Russia has denied any involvement in the cyber attacks.
Trend Micro said the hacker group used email phishing tricks to try to install malicious software at the Konrad Adenauer Foundation (KAS) of Merkel’s Christian Democratic Union (CDU) party, and at the Friedrich Ebert Foundation (FES) of the Social Democratic Party (SPD), junior partner in the ruling coalition.
A KAS spokesman said BSI warned the foundation in early March of “peculiarities”, but that a subsequent network scan by the government cyber security agency found “nothing suspicious”.
A FES spokeswoman confirmed that the think tank had also registered an attack but said its networks had been successfully defended. She said the group was working closely with the BSI, but declined to give any further details.
Schoenbohm said the BSI was working hard to bolster Germany’s ability to resist cyber attacks and offered consulting services and other solutions to government, private industry and other societal groups.
“Cyber espionage is a widespread phenomenon. One challenge in evaluating such cases is that attacks aimed at extracting information cannot necessarily be differentiated from attacks aimed at influencing public opinion,” he said in a statement.
He said the agency was working closely with the two foundations and supporting them in matters related to the security of their information technology systems.
(Reporting by Andrea Shalal, editing by Larry King)