Russian Foreign Minister Sergey Lavrov and European Union foreign policy chief Federica Mogherini address a joint news conference after a meeting in Brussels in July 2017.

BRUSSELS — The European Union’s embassy in Moscow was hacked and had information stolen from its network, according to a leaked internal document seen by BuzzFeed News.



An ongoing “sophisticated cyber espionage event” was discovered in April, just weeks before the European Parliament elections — but the European External Action Service (EEAS), the EU’s foreign and security policy agency, did not disclose the incident publicly.

Russian entities are believed to be behind the hack, a source, speaking on condition of anonymity, told BuzzFeed News.

The EEAS confirmed an incident had taken place and, asked whether the EU’s foreign policy chief Federica Mogherini knew about the incident, said that EEAS hierarchy had been informed.

“We have observed potential signs of compromised systems connected to our unclassified network in our Moscow Delegation. Measures have been taken and the investigation is in progress — at this stage we cannot comment further,” a spokesperson said.

According to the leaked document, the initial attack took place in February 2017, but it was only detected in April this year. An analysis of the hack found activity affecting at least two computers and concluded that information had been stolen.

However, officials have no idea how much and exactly what kind of information was taken during the attack.

The analysis determined that the cyber espionage hack was an advanced persistent threat (APT) — a continuous, clandestine, and sophisticated hacking technique used to gain access to a system and remain undetected for a prolonged period of time.

Such types of attacks have been tried against other European foreign affairs ministries, according to the leaked document.

According to the same source who told BuzzFeed News that Russian groups were behind the EEAS hack in Moscow, member states were not informed of the incident.

An EEAS spokesperson said that member states had been informed “via established channels (cyber defence channels).”

But sources told BuzzFeed News the EEAS did not share the information with the EU's most senior officials, including the president of the European Commission, Jean-Claude Juncker, and European Council president Donald Tusk. EU leaders were also kept in the dark.

"Nobody knew," another EU source said.

Ahead of May’s European Parliament elections, the EU adopted a series of measures to counter cyberattacks, including an action plan against disinformation, amid evidence of ongoing aggressive activity and interference campaigns by foreign actors, primarily pointing to Russia.

However, several EU officials BuzzFeed News has spoken to claim that the bloc and some European governments are still not doing enough to counter Russian activity because they underestimate or downplay the threat.

Robert Mueller said in his only public statement as special counsel last month that his investigation into Russian interference in the 2016 election found that “Russian intelligence officers who were part of the Russian military launched a concerted attack on our political system. The indictment alleges that they used sophisticated cyber techniques to hack into computers and networks used by the Clinton campaign.”

He concluded that there were “multiple, systematic efforts to interfere in our election.”

The same group that hacked the Democratic National Committee was also behind a hack against the German parliament the previous year.