German cyber agency warns threat situation is ‘higher than ever’

Germany’s federal cybersecurity office warned on Tuesday that ransomware, political hacking, and other cybersecurity threats facing the country are “higher than ever.”

In its annual report, the office said ongoing criminal activities were responsible for the threat level, alongside attacks linked to the Russian invasion of Ukraine — but it also warned that insufficient IT and software product quality was a contributing factor.

While “a comprehensive attack campaign against German targets was not apparent,” said the Federal Office for Information Security (BSI) there has been “an accumulation of minor incidents and hacktivism campaigns in Germany in connection with Russia's war of aggression against Ukraine.”

These included the cyberattack against the satellite company Viasat which took place an hour before Russia's invasion on 24 February. The United States, United Kingdom, and European Union attributed the attack to Russia — although they did not implicate a specific agency in the country — while EU and NATO member Estonia attributed it to the GRU, the Russian military’s main intelligence directorate.

The attack on Viasat was intended to degrade the ability of the Ukrainian government and military to communicate, however it also bricked routers for remote maintenance systems used by German wind turbines, knocking 5,800 of them offline. Viasat said tens of thousands of its terminals were irreparably damaged and needed to be replaced.

“A hacktivism attack on German mineral oil dealers with a Russian parent company” was also mentioned by the BSI, presumably referencing anonymous hackers in March stealing information from the German subsidiary of the state-owned Russian oil company Rosneft.

The annual report is published amid a scandal at the BSI which followed a satirical  television show making allegations about the agency's now suspended chief, Arne Schönbohm, claiming he associated with a business connected to the Russian intelligence services.

Although no evidence has been presented that the office’s work has been compromised in any way, nor that Schönbohm has acted improperly, Germany’s Interior Ministry claimed the allegations “have permanently damaged the public’s necessary trust in the neutrality and impartiality of the conduct of his office as President of the most important German cyber security authority” in explaining his suspension.

Ransomware and cyber extortion incidents remain the most significant threat to Germany, the BSI said. “Both the ransom and hush money payments” have continued to rise, with a spate of incidents ahead of the Russian invasion affecting the oil and chemical sector in the country — as well as in its neighbors — provoking concerns that they were part of a criminal campaign coordinated by Russian intelligence. A Belgian official downplayed to The Record concerns that the attacks were linked.

A ransomware attack on the municipality of Anhalt-Bitterfeld also forced the regional authority to declare a state of disaster and call the German armed forces to be deployed for support. “Citizen-related services were unavailable or only partially available for more than 207 days,” reported the BSI.

Dr. Gerhard Schabhüser, the BSI's vice president, currently filling Schönbohm’s duties, said: “The threat situation in cyberspace is tense, dynamic and diverse and therefore higher than ever. In a digitized world, the well-being of the population depends more than ever on how well we are prepared against IT security incidents.”

Nancy Faeser, the minister of the interior, who has pledged to expand the BSI into a central office, added: "The cyber threat situation, which has continued to increase since the Russian war of aggression in Ukraine, requires a strategic realignment and significant investments in our cyber security."