Germany still not affected by Russia-linked cyberattacks

It is often difficult to say how Germany classifies an attack as "related to the Russian invasion", as this is decided by various cyberdefence agencies that cooperate with each other. [vs148/Shutterstock]

Germany has not been affected by cyberattacks that can be traced back to Russia, the government has confirmed, despite other EU countries experiencing a sharp increase. However, this may be due to how Germany defines such attacks. EURACTIV Germany reports.

Since Russia invaded Ukraine on 24 February, Germany has not yet become the target of cyberattacks that can be demonstrably attributed to Russian sources, the government confirmed following a question from the conservative CDU/CSU parliamentary group on Wednesday (4 May).

While this may appear surprising, details are crucial when interpreting such data, Sven Herpig, head of international cybersecurity policy at the think tank Stiftung Neue Verantwortung, has said.

“Just because nothing else is known does not mean that there were no incidents. But these may not be accurately attributed,” Herpig told EURACTIV.

The current situation suggests Russia is instead focusing on Ukraine with cyber operations, said the expert, adding that countries have different ways of measuring cyberattacks.

West warns of Russian cyberattacks on critical infrastructure

Western governments jointly warned on Wednesday (20 April) about a potential threat of increased malicious cyber activity by Russia against critical infrastructure as a response to sanctions imposed as punishment for its invasion of Ukraine.

The Romanian example

The number of cyberattacks in Romania has increased exponentially, rising from 100 per day at the end of February to 11,414 on 3 May, according to figures from the country’s National Directorate for Cyber Security.

“The reported cyberattacks were mainly DDoS attacks. The severity levels are low and almost none were successful,” a spokesperson of the national cybersecurity body told EURACTIV.

Such DDoS attacks, in which artificial overloads make the attacked websites inaccessible, are relatively easy to carry out and only require a low level of technical expertise – something that is reflected in €80-€1,500 per month such attacks can be purchased for on the darknet, the German criminal police office wrote in a report for 2020.

Romania’s cybersecurity body also recorded disinformation and fake news as cyber attacks. “So this is a purely quantitative listing,” according to Herpig.

To determine whether cyberattacks are linked to Russia’s war in Ukraine, relevant national cybersecurity authorities match IP addresses with threat patterns used by actors who engage in Russia’s war via cyber actions, a spokesperson of Romania’s cybersecurity body told EURACTIV.

“One of the cyber-crime groups responsible for the DDoS attacks initially claimed responsibility for the attacks on its Telegram account, justifying them by Romania’s support for Ukraine in the ongoing conflict,” the spokesperson added.

According to information provided by Romania’s cybersecurity body, the group has also targeted NATO and countries like the Czech Republic, Moldova, Lithuania, and Germany.

Romanian citizen in UK suspected of helping Russian hackers

A Romanian citizen in the UK is suspected of assisting the Killnet hacker group in its cyberattack against Romanian websites.

The Romanian citizen, who is now in the custody of British authorities, has offered his support by translating the materials of …

A matter of interpretation

However, it is often difficult to say how Germany classifies an attack as “related to the Russian invasion”, as this is decided by various cyberdefence agencies that cooperate with each other.

To determine whether attackers play or have played a role in Russia, investigations are carried out in cooperation with the Federal Office for Information Security (BSI), said Herpig.

“But there is no fixed framework here, it’s a matter of interpretation,” Herpig added.

[Edited by Nathalie Weatherald]


This stakeholder supports EURACTIV's coverage of Cybersecurity. This support enables EURACTIV to devote additional editorial resources to cover the topic more widely and deeply. EURACTIV's editorial content is independent from the views of its supporters.


Subscribe to our newsletters