
Hackers linked to Russia’s foreign intelligence service have targeted German opposition politicians with malware-laced invites to a bogus dinner party.

The attempt to penetrate sensitive computer systems run by Germany’s Christian Democratic Union — the party of former chancellor Angela Merkel — occurred last month, but was revealed on Friday by party officials and cyber security analysts who warned of more Russian efforts to compromise political parties across Europe.

The fake email sent to CDU officials, written in German, invited addressees to an “evening meal with regional party officials” on March 1 and included a questionnaire to be filled in with personal details. “Dress code: business smart,” it read.

The attempted hack was uncovered by the US cyber security company Mandiant, owned by Google.

“We received information about the attack very promptly and we are monitoring [the situation] constantly,” the CDU said. “We are continuously working to keep our systems defensive against digital threats and attacks.”

Germany’s domestic intelligence agency, the Office for the Protection of the Constitution, has sent out a warning to all political parties.

It comes just weeks after Russian authorities humiliated Berlin by publishing a leaked recording of top German military officers discussing issues surrounding sensitive weapons systems being delivered to Ukraine.

The attack on the CDU differs in that its purpose was likely more stealthy, experts said.

Mandiant said the Russian hacking group known as APT29, sometimes called “Cozy Bear”, was responsible. The group works for Moscow’s foreign intelligence service, the SVR, according to declassified intelligence from the Five Eyes intelligence alliance, comprising the US, UK, Canada, Australia and New Zealand.

The SVR’s objectives are usually to provide the Kremlin with secret information to help inform decision-making, rather than material which can be weaponised for disinformation purposes. The latter practice is usually left to the SVR’s rival agency, the GRU, which also conducts assassinations and sabotage, according to western governments.

The SVR’s targets are typically diplomats, military brass and government officials, rather than politicians.

Although Cozy Bear has targeted political parties before — most notably the Democrats in the US and Emmanuel Macron’s party in France — its focus on the CDU this year is “an early warning” of more to come, said Mandiant analyst Dan Black.

“The bread and butter of APT29 attacks are attempts against diplomatic missions and so on. This is different and is a leading indicator.”

“They will try again and again,” Black said. Cozy Bear “is in the long game. This isn’t a smash and grab kind of attack. When they pick targets they will continue to try and gain access.”

The hacker group appears to have had a huge increase in resources given to it to mount such attacks in the last year, Black added, based on the simultaneous campaigns it was now mounting.

Copyright The Financial Times Limited 2024. All rights reserved.