German BfV intelligence agency alleges Russian hackers are behind attacks against Nato, a French TV channel and Ukraine’s power grid in recent years

This article is more than 4 years old

This article is more than 4 years old

Germany’s domestic secret service has accused Russia of a series of international cyber-attacks aimed at spying and sabotage, in “hybrid warfare” that also targeted the German parliament last year.



The operations cited by the BfV intelligence agency ranged from an aggressive attack called Sofacy or APT 28 that hit Nato members and knocked French TV station TV5Monde off air, to a hacking campaign called Sandworm that brought down part of Ukraine’s power grid last year.

Germany 'may revert to typewriters' to counter hi-tech espionage Read more

“Cyberspace is a place for hybrid warfare. It opens a new space of operations for espionage and sabotage,” said Hans-Georg Maaßen, who heads the BfV agency.

“The campaigns being monitored by the BfV are generally about obtaining information, that is spying,” he said. “However, Russian secret services have also shown a readiness to carry out sabotage.”

Germany itself fell victim to one of these rogue operations, with the Sofacy attack last year hitting the German lower house of parliament.

Angela Merkel’s CDU party confirmed it had been targeted in April, adding that “we have adapted our IT infrastructure as a result”.

The BfV said the “cyber-attacks carried out by Russian secret services are part of multi-year international operations that are aimed at obtaining strategic information. Some of these operations can be traced back as far as seven to 11 years.”

IT experts believe that Sofacy or APT 28 is a phishing tool of the broader Operation Pawn Storm, that has been blamed for targeting Nato and the US government and military, as well as Ukrainian activists and Russian dissidents.

The operation included the attempted hacking of the Dutch Safety Board’s computer systems by Russian spies seeking to access a sensitive final report into the July 2014 shooting down of airline flight MH17 over Ukraine, according to security experts Trend Micro.

It also hit France’s TV5Monde last April, shutting down transmissions and placing jihadi propaganda messages on the station’s website, Facebook and Twitter accounts.

Russian hackers suspected of Kremlin ties used Windows bug ‘to spy on west’ Read more

The station had initially focused investigations on Isis, after the perpetrators claimed to be members of the jihadi group. But in June, a French judicial source put the blame on Russian hackers.

Sandworm refers to a group of hackers who deploy the malware known as Black Energy and KillDisk through phishing emails.

BfV said Sandworm targeted not just government posts, but “was also aimed at telecommunications companies, energy providers as well as higher education facilities”.

The west has been boosting resources and tightening cooperation to fight the mounting threat of international cyber-attacks, with cyberdefence designated as a core Nato task.