Germany links cyberattack on research group to Russian state-backed hackers

German authorities suspect that Russian state-backed hackers were behind a recent cyberattack on a prominent Berlin-based research institute focused on Eastern Europe, the second such incident involving the organization in recent months.

The German Association for Eastern European Studies (DGO) said the attack at the end of March was "highly professional" and targeted email systems, bypassing enhanced cybersecurity measures put in place after a previous breach in October 2024 with suspected Russian links.

German intelligence officials believe the intrusion may be linked to APT29, also known as Cozy Bear, a group allegedly affiliated with Russia’s Foreign Intelligence Service (SVR), local media reported. 

While German security agencies have not publicly attributed the attack, the DGO claimed the origin was Russian.

"The incident confirms the assessment by intelligence services that institutions like the DGO are in the crosshairs of Russia’s hybrid warfare," the group said in a statement. "The aim is to influence democratic discourse in Germany."

In July, Moscow authorities designated the DGO an "extremist organization" and banned its operations in Russia. Such a label also carries legal risks for Russian citizens who collaborate with the group.

At least 27 German institutions across politics, academia and civil society have been deemed "undesirable" or "extremist" by Moscow, according to the research institute. These groups are increasingly targeted by state-sponsored cyber campaigns, it said.

“Many of the affected organizations are closely connected to government ministries and agencies, which must also be seen as targets,” the statement added.

German lawmakers condemned the cyberattack as part of Moscow’s broader campaign against European democratic institutions.

“This is an assault on Germany's Eastern Europe experts and on academic freedom,” Robin Wagener, head of the German delegation to the Parliamentary Assembly of the Organization for Security and Cooperation in Europe, told the newspaper Bild. “Putin’s intelligence services aim to intimidate and pressure our scientists.”

Germany’s domestic intelligence agency (BfV) has previously warned of an escalating threat from Russian espionage, sabotage and disinformation operations. According to the agency, the Kremlin is engaged in an "information war" designed to sow division, erode support for Ukraine, and shape German political decisions.

Researchers have identified at least 22 state-sponsored hacker groups actively targeting German public institutions and private sector entities, including Russia-linked APT29 and APT28.