The United States has formally denounced a series of cyberattacks orchestrated by Russia’s General Staff Main Intelligence Directorate (GRU), commonly identified as APT28, targeting multiple European Union member states including Germany, Czechia, Lithuania, Poland, Slovakia, and Sweden. This condemnation aligns with concerted efforts alongside Germany to attribute a recent cyberattack on a German political party directly to APT28.
APT28, also recognized under aliases such as Fancy Bear, Strontium, and Forest Blizzard, is infamous for its extensive history of malicious cyber operations that disrupt and destabilize international affairs. The United States has previously taken legal action against affiliates of APT28, indicting and imposing sanctions on individuals linked to the group for their roles in significant cyber incidents. These include interference in the 2016 U.S. presidential elections and calculated hack-and-leak campaigns aimed at the World Anti-Doping Agency (WADA), designed to erode trust in the integrity of sports and international regulatory bodies.
In a recent collaborative cybersecurity effort, the U.S. Department of Justice (DOJ) partnered with German authorities to dismantle a network used by APT28. This network consisted of hundreds of small office/home office routers that facilitated the group’s covert operations, including exploitation of the CVE-2023-23397 vulnerability against entities within Germany. The DOJ’s intervention not only neutralized the immediate threat but also preemptively blocked the GRU’s potential reentry to the devices, reinforcing the cybersecurity perimeter against future intrusions.
Russia’s aggressive cyber tactics starkly contravene the Framework for Responsible State Behavior in Cyberspace, endorsed by all United Nations Member States. Such actions undermine the collective commitment to a secure and stable international cyberspace landscape. In response, the United States has reaffirmed its dedication to the security of its allies and the enforcement of the rules-based international order, which includes the cyber domain.
In urging Russia to cease its malignant cyber activities, the United States, alongside EU and NATO allies, is intensifying efforts to disrupt ongoing Russian cyber operations. Through collaborative defense and proactive cybersecurity measures, the allied nations aim to safeguard their citizens and uphold accountability within the international community against such disruptive actions.
“We call on Russia to stop this malicious activity and abide by its international commitments and obligations,” reads a statement issued by the U.S. State Department.
“With the EU and our NATO Allies, we will continue to take action to disrupt Russia’s cyber activities, protect our citizens and foreign partners, and hold malicious actors accountable.”