According to multiple reports coming out of Germany this week, on November 14th 2018, several members of Germany’s parliament fell victim to a spear phishing campaign, as did the Bundeswehr, Germany’s civilian military wing, and several of the country’s international embassies. Reportedly, using a hyperlink disguised as a message from the United Nations, Russian state actors were able to secretly install malware on the computers of any victims who clicked on it – granting the hackers remote access to their devices.
More than two weeks later, malware samples have been recovered from at least 25 state-owned computers across Germany, and it is now confirmed that 16 members of Parliament had their personal email inboxes/outboxes stolen/cloned. According to a press release from the Federal Office for the Protection of the Constitution (BfV), German authorities are “highly confident” that they have successfully been able to trace the attack back to a Russian Advanced Persistent Threat (APT) going by the name of “Snake” or “Turla,” also known to have carried out extensive attacks on Germany’s internet infrastructure in the past – most notably during the months leading up to the 2016 Berlin State elections. However, as was reported by The Moscow Times on November 30th 2018, “Russia has repeatedly denied that it is involved in cyber attacks on German institutions.”
All told, approximately 16 gigabytes of data was successfully downloaded and exported to 9 different servers across the world, all believed to belong to the Kremlin or state actors operating on its behalf. While the contents of Microsoft Outlook email inboxes were the primary target of the hack, further investigation into the incident has revealed that the hackers were also able to obtain countless Microsoft documents tied/attached to the accounts. However, even German investigators report that “it is impossible to know exactly what was stolen,” ominously adding that “only the parliamentarians know what they wrote in their emails. They and the hackers.”
German domestic intelligence service BfV confirms to @DerSPIEGEL, the #FSB's "Snake" malware hackers attacked the German army, Embassies and German parties.
Attack was detected on November 14. https://t.co/geIJ1l7pH3 #PutinAtWar
— Julian Röpcke (@JulianRoepcke) November 29, 2018