Hackers threaten to leak data after cyberattack on German party Die Linke

A Russia-speaking ransomware group claimed responsibility last week for a cyberattack targeting the German democratic socialist political party Die Linke, adding the organization to the list of victims on its dark web leak site and threatening to publish stolen data if a ransom is not paid.

The ransomware gang Qilin has been active since 2022, previously targeting hospitals, government agencies and private companies across Europe, Asia and the United States.

Die Linke confirmed in late March that its IT infrastructure had been hit by what it described as a “serious cyberattack.” The party said it had received information suggesting Qilin may be behind the breach.

“Such digital attacks, and especially the use of ransomware, are often part of hybrid warfare and an attack against critical infrastructure,” the party said in a statement.

Following the incident, Die Linke temporarily shut down parts of its IT systems to limit further damage and filed a criminal complaint with German authorities. The party warned that hackers may attempt to leak internal organizational data and personal information belonging to employees at its headquarters.

“It is impossible to assess whether and to what extent this will succeed or has already occurred,” the party said, adding that its membership database was not affected.

The party described the attack as part of a broader effort to undermine democratic institutions.

“Such attacks aim to weaken democratic structures and their actors. That a democratic party is the target appears, in this context, to be no coincidence,” the statement said.

Die Linke did not say whether it is negotiating with the attackers or considering paying a ransom.

German political parties have previously been targeted by cyberattacks. Earlier this year, the country’s leading opposition party, the Christian Democratic Union (CDU), reported a major cyber incident. Another breach affecting the Social Democratic Party (SPD) was previously attributed to Russian state-linked hackers known as APT28.

Although ransomware attacks are typically driven by financial motives, some groups, including Qilin, may also serve broader geopolitical goals linked to Moscow, Romania’s top cybersecurity official Dan Cimpean told Recorded Future News in an interview earlier this year.

“It’s in Russia’s interests to encourage those groups and make sure they are stronger and have financial autonomy,” he said.