EU formally blames Russia for GhostWriter influence operation

European Union officials have formally accused the Russian government and its state hackers of meddling inside the elections and political systems of several EU states.

In a statement published on Friday, the EU said that the Russian government is behind a hack-and-leak operation known as Ghostwriter.

Active since 2017, the campaign consists of Russian hackers breaking into news websites or social media accounts of government officials in order to publish forged documents, fake news, and misleading opinions meant to sway elections, disrupt local political ecosystems, and create distrust of US and NATO forces.

First documented by security firm FireEye last year [PDF], the campaign has primarily targeted officials and news sites inside Latvia, Lithuania, and Poland, in a campaign that has also continued throughout 2021 as well [PDF].

Among the group’s most infamous attack last year was an attempt to distribute a forged letter from the NATO Secretary General to Lithuania’s Defense Ministry purporting to announce the withdrawal of NATO troops from the country.

In addition, the group also hacked into the social media accounts of Polish officials to smear and attack social activists and rival politicians.

GhostWriter attacks expanded to Germany over the summer

GhostWriter attacks also expanded their scope this summer, when the group also began targeting Germany, with hackers beaching accounts for seven Bundestag members and 31 state parliamentarians in order to sway opinions ahead of the upcoming elections.

FireEye initially attributed the GhostWriter attacks to a group it codenamed UNC1151, describing its campaigns as “aligned with Russian security interests.”

But after Germany formally blamed the Russian government earlier this month, the European Council also published a formal statement today calling out Moscow officials.

These activities are contrary to the norms of responsible State behaviour in cyberspace as endorsed by all UN Member States, and attempt to undermine our democratic institutions and processes, including by enabling disinformation and information manipulation.

The European Union and its Member States strongly denounce these malicious cyber activities, which all involved must put to an end immediately. We urge the Russian Federation to adhere to the norms of responsible state behaviour in cyberspace.

The European Union will revert to this issue in upcoming meetings and consider taking further steps.

The Russian Ministry of Foreign Affairs, which has historically responded to hacking accusations from the US and EU states with flat-out denials, has not yet responded to the EU’s latest statement.

Researchers who analyzed the GhostWriter campaigns described the operation as half decent and easy to see through, with many of the forged documents being easy to proven as fakes and dismissed.

Catalin Cimpanu

Catalin Cimpanu is a cybersecurity reporter for The Record. He previously worked at ZDNet and Bleeping Computer, where he became a well-known name in the industry for his constant scoops on new vulnerabilities, cyberattacks, and law enforcement actions against hackers.

Recent Posts

Binance freezes $3 million worth of crypto stolen in Ankr hack

Binance, one of the last remaining crypto giants, froze about $3 million worth of cryptocurrency…

11 hours ago

SIM-swapper gets 18 months, must pay back $20 million he stole from crypto investor

A 25-year-old Florida man was sentenced on Thursday to a year-and-a-half in prison and ordered…

12 hours ago

Spanish police arrest 55 people involved in wide-ranging cyberscam operation

At least 55 people were arrested by the Spanish National Police on Thursday for their…

13 hours ago

More than 150 Oracle Access Management systems exposed to bug highlighted by CISA

At least 151 Oracle systems are exposed to a vulnerability that the Cybersecurity and Infrastructure…

14 hours ago

DHS cyber safety board to probe Lapsus$ hacks

The Homeland Security Department on Friday announced its cyber review board would investigate a series…

18 hours ago

Should Ukraine rein in its patriotic hackers?

When Russia invaded Ukraine in February, a 23-year-old from Kyiv who goes by Vlad decided…

1 day ago