Alphabet cyber unit uncovers perpetrator of German political cyberattack

Written by Mon 25 Mar 2024

Alphabet’s cyber unit, Mandiant, said it had intercepted a hacking group that launched a cyberattack to deceive key German political figures.

Attributed to APT29, the phishing email attack was disguised as an invitation to a dinner event scheduled for 1 March and supposedly hosted by the Christian Democratic Union (CDU), a centre-right political party in Germany.

Reuters reported that Germany’s Federal Office for Information Security (BSI) issued an alert regarding the incident. The alert suggested cyber spies supported by a state actor were focusing their efforts on German political parties during the cyberattack. Their goal appeared to be establishing persistent access to these networks over an extended period and extracting data from them.

Mandiant said the operation was consistent with APT29’s activities since 2021, which utilised the initial payload ROOTSAW, also known as EnvyScout, to introduce a new backdoor variant called WINELOADER. A payload is the component of the attack which causes harm to the victim. 

“Notably, this activity represents a departure from this APT29 initial access cluster’s typical remit of targeting governments, foreign embassies, and other diplomatic missions, and is the first time Mandiant has seen an operational interest in political parties from this APT29 subcluster,” said Mandiant.

This marks the first time Mandiant has observed the group employing lure content in German. The CDU said it has been targeted by digital attacks from domestic and foreign sources.

Neither the alert nor Mandiant offered specifics regarding the responsible party or the specific targets.

Last month, Prime Minister Gabriel Attal’s office said several French Government departments had been hit with cyberattacks of ‘unprecedented intensity’. 

The hacking group Anonymous Sudan claimed responsibility for the attacks in online posts. The French Prime Minister’s office and digital safety agency declined to comment on the claim or reveal details about the targets or potential damage.
