German political parties are latest targets of Russian cyber spies

A hacking group linked to Russia’s Foreign Intelligence Service (SVR) is targeting German political parties, according to an alert from cybersecurity company Mandiant.

Germany, which has provided a substantial amount of military support to Ukraine, has faced persistent espionage threats from Russia since the beginning of the invasion of Ukraine.

This week German prosecutors charged a military officer with espionage offenses after he was allegedly caught spying on behalf of the Kremlin’s intelligence services.

The country’s military was also embarrassed earlier this month when a Russian propagandist published an intercepted conversation between Bundeswehr officials discussing the country’s support for Ukraine. 

Mandiant said the new campaign is the first time the spies have been observed targeting political parties “indicating a possible new operational focus beyond typical attacks on diplomatic figures.”

The threat actor, tracked as APT29, Cozy Bear and BlueBravo, is best known for the SolarWinds breach in 2020. At the time, the British government assessed it was “highly likely the SVR was responsible” and said the agency had “previously attempted to gain access to governments across Europe and NATO members.”

The supply-chain compromise gave the Russian intelligence agency access to internal material from the U.S. State Department,  the Department of Justice, the Department of Energy, the Cybersecurity and Infrastructure Agency and the Treasury.

John Hultquist, Mandiant’s chief analyst, said the SVR had always been tasked with helping Russia understand and predict Western politics: “For an intelligence service, a political party may represent the earliest possible opportunity for insight.”

Dan Black, also an analyst at Mandiant, said: “Outside of Ukraine, there is no bigger priority for Russia’s intelligence services right now than monitoring changing Western political dynamics.

“This latest targeting is not just about going after Germany or its politicians; it is part of Russia’s wider effort aimed at finding ways to undermine European support for Ukraine.”

Politicians and civil society groups across Europe and the West should take the new campaign as a warning signal, said Black, “that they almost certainly are also in the Kremlin’s sights, and should bolster their team’s cyber awareness to better safeguard against these tactics.”

The hackers were observed sending phishing emails to victims purporting to be an invite to a dinner reception hosted by the Christian Democratic Union, one of Germany’s largest parties.

Hultquist cautioned: “There is no reason to believe this activity is limited to any single party or country. The answers Russia is seeking are almost certainly spread across organizations, all of whom may be targeted for collection efforts. This targeting should be a concern for Germany, Europe, and even the United States.”