Germany's cyber ambassador on the response to Russia: 'All of this takes time'

TALLINN, Estonia — Germany’s cyber ambassador, Regine Grienberger, says that Berlin is preparing to use the "European cyber diplomacy toolbox" in response to the 2023 breach of a political party that was attributed to Russian state-backed hackers.

Earlier in May, Germany declared that the group known as APT28 or Fancy Bear — which is linked to Russia’s military intelligence service, the GRU — was responsible for the cyberattack on the Social Democrat Party.

When asked about potential repercussions, Grienberger mentioned sanctions as a component of the EU’s cyber diplomacy. There are, however, many "preconditions" for applying such sanctions, she added.

"We have to provide and present proof of who we think is responsible for the attack. We also have to share this — and it’s classified information — so we have to provide some open-source material. And all of this takes time,” Grienberger said Tuesday on the sidelines of the CyCon conference in Estonia.

In announcing the attribution to the GRU, the German foreign minister said that the attack "will not remain without consequences" for Russia. Germany also summoned its ambassador to Russia back to Berlin "to listen to our description of what happened, who we think is responsible, and that we reject this way of interfering," Grienberger said.

She called the 2023 hack "a very dangerous and destructive move," likely intended "to undermine democratic society" ahead of the European parliamentary election in June.

Russia previously "categorically rejected" allegations of its involvement in the hack, calling them "unproven and unfounded."

Grienberger said that the attribution of the attack is not necessarily meant to change the adversary's behavior. "What we want is to strengthen the norms and show that we cannot accept that someone violates the cyber norms without us commenting on it. We also want to signal to the broader audience in the UN that this is unacceptable behavior."

Germany is observing a steep increase in cyberattacks originating from both state actors and cybercriminals linked to Russia, according to Grienberger.

Russian ransomware gangs are attacking the country’s private companies as well as public services "basically every day or every week." Kremlin-backed state hackers are also targeting the country’s critical infrastructure and government institutions. 

"There’s a constant level of alert" in Germany in relation to cyberattacks, according to Grienberger. "No time to relax," she added.