As soon as Russia invaded Ukraine at the end of February 2022, the Federal Office for Information Security (BSI) raised the possibility that Germany could be the target of cyberattacks. According to information provided by the German Cyber Defense Center, these could be attacks on “high value goals“, which can refer to critical infrastructures (energy suppliers, military installations, etc.), as well as political figures. But so far only a few small operations have been detected. Already targeted by SolarWinds or Ghostwriter offensives, Germany is not an unattractive target for hackers close to the Kremlin, but Russia today prefers conventional warfare to cyber warfare.
Phishing campaigns have been detected
For a month now, German intelligence agencies have been waiting for a massive operation that will crown the preliminary attacks launched at the beginning of the conflict, which they have already identified. Thus, in early March 2022, a new Ghostwriter hacking campaign was revealed, which is believed to be organized by the Russian military intelligence, the GRU. phishing which has already harassed Germany during the election campaign in the summer of 2021; The hackers then managed to steal data and documents belonging to parliamentarians and politicians by gaining access to their email accounts through phishing emails. The Federal Office for the Protection of the Constitution now fears a possible operation hack and leakthat is, leaking these stolen data, or hacking into information portals or journalists’ social media accounts, in order to spread false information.
Invasion of the oil group’s servers
Germany is also in the spotlight of the Anonymous collective, which sided with Ukraine and declared “cyber war” on the Kremlin. Thus, the “hacktivists” from Anonymous Deutschland launched an operation against the German “daughter” of the Russian oil group “Rosneft” and got their hands on 20 terabytes of data. With access to the servers for two weeks, they would have captured data backups of approximately 60 computers and mobile phones, but would not have touched the system or control installations. Rosneft is the largest oil producer in Russia; its German subsidiary, whose supervisory board is chaired by former Chancellor Gerhard Schröder, is the Rhine’s third-largest crude oil refiner. Because Rosneft is part of a critical infrastructure, BSI has issued a cybersecurity warning to other oil sector companies.
Are cyber attacks an overestimated danger?
In another incident, it is noted that the KA-SAT satellite network, owned by the American operator Viasat and used by Ukraine for emergency communications, went out of order at the very moment of the invasion into the country. This failure has had repercussions worldwide, and in Germany in particular, as the network is being used to remotely monitor thousands of wind turbines. While the BSI mentioned at the start of the conflict “high risk situation“A month after the start of the war in Ukraine, Germany recorded only a few minor and unrelated incidents. Does this mean that the danger of cyber attacks is overestimated?