The hackers aimed to infiltrate the networks of these parties and steal sensitive data¹.
The US security firm Mandiant, a subsidiary of Google owner Alphabet, detected a phishing campaign aimed at German political parties¹. The hackers attempted to deceive key German political figures by sending emails posing as invitations to a fictitious dinner event hosted by the Christian Democratic Union (CDU) party¹.
The phishing emails contained German-language lure documents bearing the CDU logo¹. Victims who fell for the phishing attempt were directed to a malicious ZIP file hosted on a compromised website¹. This ZIP file contained the ROOTSAW dropper, which facilitated the delivery of subsequent malicious payloads¹.
Germany's cyber agency BSI circulated an alert, indicating that state-backed cyber spies aimed to establish long-term access to German political networks for the purpose of exfiltrating sensitive data¹. The CDU stated that this wasn't its first encounter with such attempts, and that it "received very prompt information about the attack"¹.
This is the first time APT29, also known as Cozy Bear and BlueBravo, among other aliases, has been seen targeting political parties¹. This marks a departure from its conventional attacks on diplomatic figures¹. APT29 gained infamy in 2020 for its involvement in the SolarWinds attack, which granted the Russian intelligence agency access to sensitive internal material from various US government departments¹.
This cyber-campaign is not solely directed at Germany but forms part of Russia's broader strategy to erode European backing for Ukraine¹.
References
(1) Russian cyber spies target German politicians in sophisticated phishing .... https://www.computing.co.uk/news/4189029/russian-cyber-spies-target-german-politicians-sophisticated-phishing-attack.
(2) Elite Russian hackers targeting German political parties, Google warns. https://uk.investing.com/news/stock-market-news/elite-russian-hackers-are-targeting-german-political-parties-google-warns-3398053.
(3) Is Cozy Bear targeting Western political parties with phishing attacks? https://www.scmagazine.com/news/is-cozy-bear-targeting-western-political-parties-with-phishing-attacks.
(4) Elite Russian hackers targeting German political parties, Google warns .... https://www.swissinfo.ch/eng/elite-russian-hackers-targeting-german-political-parties%2c-google-warns/74111050.
(5) Russian hackers targeting German politicians — report - MSN. https://www.msn.com/en-us/news/world/russian-hackers-targeting-german-politicians-report/ar-BB1knDZR.