At least seven members of Germany’s Bundestag and 31 members of the state parliament have been targeted by a hack that is believed to be the work of Russia’s GRU military intelligence unit, German newspapers reported Friday.

Frank Bergmann, a spokesman for the Bundestag, told The Record that the parliamentary body was promptly informed of the incident by government authorities, and all members of parliament who were affected were notified. According to information available so far, Bergmann said there was no direct attack on the infrastructure of the German Bundestag.

The attacks were believed to have been carried out via phishing emails directed to the private email addresses of the politicians, according to German news service Der Spiegel.

The attacks were reportedly carried out by members of a campaign called “Ghostwriter,” which has been operational since at least 2017, according to FireEye.

Ghostwriter’s operational timeline, courtesy of FireEye.

The cybersecurity firm released a report on the group last year that described it as a broad influence campaign that aligned with Russian security interests. Lithuania, Latvia, and Poland have been the group’s primary targets in the past, and it typically leverages website compromises or spoofed email accounts to disseminate fake content, including falsified correspondence from military officials. The report does not describe the hacking of real politicians, though FireEye said the group doesn’t necessarily stick to a specific playbook.

“There is no modal Ghostwriter operation, with different combinations of tactics being employed and the order and nature of dissemination often changing from incident to incident,” the report reads.

According to German security authorities, it wouldn’t be the first time that Russia’s military intelligence service targeted the Bundestag: Several computers, including those in the office of Chancellor Angela Merkel, were targeted in 2015, and attackers were able to steal several gigabytes of data. Last May, Germany’s federal prosecutor issued an arrest warrant against Dmitry Badin, the main suspect in the attack and an assumed member of a GRU hacking unit.



Editorial Director, The Record by Recorded Future

Freelance writer