
Russian Cyber Assault on an Eastern European Club Examined by BSI

Eastern Europe under scrutiny as BSI investigates Russian cyber assault.

Russian Cyber Attack Targeted German Society for the Study of Eastern Europe, as Revealed by Last Year's Incident (Symbolic Imagery: Representative Image) - Photo Provided.

Hold on tight, folks! We're diving into the juicy details of a high-profile cyberattack that's been stirring up quite a buzz. A suspected Russian cyber onslaught on the German Society for Eastern European Studies, or DGO, is giving Germany’s security agencies a run for their money. We're chatting about this undercover operation, the hacker group linked to an intelligence agency, and how other organizations in Berlin might be in the crosshairs.

First off, let's spill the tea on the bad boys behind this mess: Bild reported that the cyberattack could be the work of APT 29, also known as "Cozy Bear." This gang is said to be controlled by the Russian intelligence agency SVR, y'all! If that doesn't sound shady enough, these same Kremlin hackers are rumored to have attacked several German political parties using malware.

The DGO, tipped off by multiple accesses to its mail server from a shady IP address, went public about the cyberattack at the end of March. They already had their guards up after a similar attack in the previous year. Unfortunately, as an association with numerous members but a lean staff, the DGO may have found it challenging to defend itself against these skilled hackers.

The Steamy Scoop

Been paying attention? Here are some steamy deets you may have missed:

  • Target: The DGO, a prominent organization focusing on Eastern Europe.
  • Suspects: Russian state-backed hackers, possibly linked to APT29 (Cozy Bear), a group affiliated with Russia’s Foreign Intelligence Service (SVR).
  • Method: The attackers slipped past heightened cybersecurity measures to access the DGO's mail server and snag a giant haul of emails.
  • Professionalism: The attack was deemed "highly professional" by the DGO.

Still with me? Let's get intel on the legal side of things:

  • Russian Designation: The DGO was designated as an "extremist organization" by Moscow in July, a move that could legally snare Russian citizens collaborating with it.
  • Targeting Profile: Organizations like the DGO often find themselves in the crosshairs of Russian state-sponsored actors, being labeled "undesirable" or "extremist" by Moscow.

The Current State of the Investigation

Germany's security agencies have been jammed up, working with the DGO, the Federal Office for the Protection of the Constitution (Verfassungsschutz), and the Federal Office for Information Security (BSI) to crack this case. While no official word has been given on who's behind the attack, it's rumored to be APT29, with German media suggesting a tie to the hacker group.

The Broader Threat Landscape

The attack on the DGO is seen as part of a nefarious Russian scheme to destabilize democratic institutions and discourse in Germany. Approximately 27 German institutions have fallen victim to such designations, making them potential targets for future cyberattacks. Moreover, some organizations have reported not only cyber threats but also physical surveillance and break-ins, hinting at a multi-front assault by the attackers.

The Impact on Berlin-Based Organizations

Organizations dealing with Russia and Belarus should brace themselves, as they fit the profile of organizations targeted by Russian state-sponsored actors. The attack on the DGO underscores warnings from German intelligence services regarding the increasing threat from Russian espionage and disinformation operations.

Stay vigilant, folks! The investigation into the elaborate cyberattack on DGO is still ongoing. In the meantime, don't forget to stay informed and keep a close eye on your surroundings. After all, knowledge is power—and knowing the signs of espionage and disinformation could save you from falling victim to these clandestine operations.

  • The suspected perpetrators of the prolonged cyberattack on the DGO, a community organization focusing on Eastern Europe, are Russian state-backed hackers, allegedly linked to APT29 (Cozy Bear), a group affiliated with Russia’s Foreign Intelligence Service (SVR).
  • Earlier this year, the DGO reported multiple accesses to its mail server from a questionable IP address, suggesting an employment policy breach, as the hackers managed to steal a substantial amount of emails.
  • Amidst the current investigation, authorities are urging Berlin-based organizations dealing with Russia and Belarus to strengthen their employment policies and cybersecurity measures to lessen the risk of becoming future victims of similar cyberattacks.
