German security agencies have helped neutralize a Russian computer espionage network in a US-led operation that revealed part of the spying on Germany’s plans for Ukraine, the interior ministry said in Berlin, DPA reported.
Hacker group APT 28 has installed malware on hundreds of small routers in offices and private homes, operating under the direction of Russia’s GRU military intelligence, the agency announced.
Hackers have used international infrastructure to attack German targets over the past two years, including in relation to German politics and supplies to Ukraine, the interior ministry spokesman said, citing German domestic intelligence authorities.
“The attacks were focused on information about Germany’s political-strategic orientation in relation to Russia and support for the supply of military goods to Ukraine,” the spokesman said, citing the intelligence service, officially called the Office for the Protection of the Constitution.
Targets in other European Union and NATO countries were also attacked.
“We are aware of the tools that (Russian President Vladimir) Putin’s criminal regime is using,” Interior Secretary Nancy Feser said.
“Our actions show how serious the threat of Russian cyberattacks is, but also how we are arming ourselves against these threats,” Feser pointed out.
Affected devices can no longer be used for cyber espionage operations.
Malware installed on routers has been used as a global platform for cyberespionage, according to a statement by the US Federal Bureau of Investigation (FBI) and information provided yesterday by a ministry spokesman.
According to the FBI, the targets of the espionage activities were governments, the military, security agencies and companies in the US and other countries. “Russian intelligence agencies have reached out to criminal gangs to assist them in this case,” the US statement added.
The owners of the affected devices “were very likely not the actual target of the attacks,” the ministry spokesman explained. Hackers used the devices to disguise the structure of their own attack.
The APT28 hacking group has been active globally since at least 2004 and has been identified by the Home Office as one of the most active and dangerous cyber actors in the world. German domestic intelligence claims the group is part of the GRU.
According to the FBI, the hackers used malware to attack routers that use publicly known default administrator passwords.
