Categories: CyberCrimeSecurity

Russian Hackers Lure German Politicians With Fake Dinner Party Invite

Hackers working on behalf of a Russian intelligence service last month targeted German political parties with malware hidden in an emailed invitation to a fictitious dinner party, according to an alert from Germany’s cybersecurity agency and Google-owned computer security firm Mandiant.

The email supposedly invited politicians to a 1 March dinner party hosted by the Christian Democratic Union (CDU), the party of former chancellor Angela Merkel, which has been in opposition since its defeat in 2021 federal elections.

It contained malware in an effort to infiltrate political parties’ systems to gain information for Russia’s foreign intelligence service, the SVR, which gathers intelligence for government decision-making.

Mandiant said the campaign was carried out by a cluster within the threat group APT29 that usually targets governments, foreign embassies and other diplomatic missions.

APT29 lure document branded with CDU logo. Image credit: Mandiant

Further attacks likely

The attack, carried out in late February, represented a departure for this threat cluster and indicates the SVR is likely to continue sponsoring such attacks on “European and other Western political parties from across the political spectrum”.

The attack “almost certainly reflects the SVR’s interest in gleaning information from political parties and other aspects of civil society that could advance Moscow’s geopolitical interests”, Mandiant said in an advisory.

“APT29’s interest in these organisations is unlikely to be limited to Germany,” the company warned.

“Western political parties and their associated bodies from across the political spectrum are likely also possible targets for future SVR-linked cyber espionage activity given Moscow’s vital interest in understanding changing Western political dynamics related to Ukraine and other flashpoint foreign policy issues.”

Ukraine conflict

Based on recent activity from other APT29 subclusters, attempts to achieve initial access beyond phishing may include attempts to hack into cloud-based systems or brute-force methods such as password spraying, Mandiant said.

“This latest targeting is not just about going after Germany or its politicians; it is part of Russia’s wider effort aimed at finding ways to undermine European support for Ukraine,” Mandiant analyst Dan Black said in a statement.

Mandiant has said that simultaneous campaigns mounted by APT29 shows it appears to have had a huge increase in resources in the last year.

An alert from Germany’s BSI cybersecurity agency relating to the same attack said state-backed hackers were targeting German political parties in an effort to gain long-term access and exfiltrate data.

European elections

The BSI said “upcoming European elections” spurred intensified interest in spying on politicians.

On 1 March Russian media published a 38-minute recording of a call in which top German military officers discussed issues surrounding sensitive weapons systems being delivered to Ukraine in a highly embarrassing leak.

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

Tech Groups Call On US DoJ To Investigate YouTube Monopoly

Open letter urges US Department of Justice to investigate Alphabet's YouTube for alleged domination of…

7 hours ago

EU To Impose Tariffs Up To 38 Percent On Chinese EVs

European Commission investigation provisionally concludes China offers unfair subsidies to its EV makers – tariffs…

8 hours ago

CIOs Admit AI Is Investment Priority, Just Ahead Of Security, Cloud

Challenges to enterprise growth ambitions include geopolitical issues, inflation and economic uncertainty, Expereo's IDC report…

11 hours ago

Nvidia Completes Stock Split To Make Shares More Affordable

The 10-for-1 stock split at Nvidia has taken place, after the meteoric share price rise…

13 hours ago

Elon Musk Drops OpenAI Lawsuit, Threatens Apple Ban

Surprising twist by Elon Musk after he ditches lawsuit against OpenAI, and also threatens to…

14 hours ago