German spy service says Russia behind major cyber attacks

Mr Hans-Georg Maassen from the Federal Office for the Protection of the Constitution (BfV) gestures during an interview in Berlin, Germany, on Aug 4, 2015.
Mr Hans-Georg Maassen from the Federal Office for the Protection of the Constitution (BfV) gestures during an interview in Berlin, Germany, on Aug 4, 2015. PHOTO: REUTERS

BERLIN (AFP) - Germany's domestic secret service on Friday (May 13) accused Russia of a series of international cyber attacks aimed at spying and sabotage, in "hybrid warfare" that also targeted the German parliament last year.

The operations cited by the BfV intelligence agency ranged from an aggressive attack called Sofacy or APT 28 that hit Nato members and knocked French TV station TV5Monde off air, to a hacking campaign called Sandstorm that brought down part of Ukraine's power grid last year.

"Cyberspace is a place for hybrid warfare. It opens a new space of operations for espionage and sabotage," said Mr Hans-Georg Maassen, who heads the BfV agency.

"The campaign's being monitored by the BfV are generally about obtaining information, that is spying," he said. "However, Russian secret services have also shown a readiness to carry out sabotage."

Germany itself fell victim to one of these rogue operations, with the Sofacy attack last year hitting the German lower house of parliament.

That Trojan operation also affected a computer in Chancellor Angela Merkel's legislative office, local media reported.

The BfV said the "cyber attacks carried out by Russian secret services are part of multi-year international operations that are aimed at obtaining strategic information." "Some of these operations can be traced back as far as seven to 11 years."

IT experts believe that Sofacy or APT 28 is a so-called phishing tool of the broader Operation Pawn Storm, that has been blamed for targeting Nato and the US government and military as well as Ukrainian activists and Russian dissidents.

The operation included the attempted hacking of the Dutch Safety Board's computer systems by Russian spies seeking to access a sensitive final report into the July 2014 shooting down of flight MH17 over Ukraine, according to security experts Trend Micro.

It also hit France's TV5Monde television channel last April, shutting down transmissions and placing jihadist propaganda messages on the station's website, Facebook and Twitter accounts.

The station had initially focused investigations on the IS group, after the perpetrators claimed to be members of the jihadist organisation.

But in June, a French judicial source put the blame on Russian hackers.

"Sandworm" meanwhile refers to a group of hackers who deploy the malware known as Black Energy and KillDisk through phishing emails.

BfV said Sandworm targeted not just government posts, but "was also aimed at telecommunications companies, energy providers as well as higher education facilities".

The West has been boosting resources and tightening cooperation to fight the mounting threat of international cyber attacks, with cyber defence designated as a core Nato task.