Cyberattack on SPD and others: Russian attackers exploited Outlook gap

In the 2023 attack, which hit the SPD party headquarters among other targets, the perpetrators exploited a vulnerability in Outlook and used a botnet.

[Image: hands on a laptop keyboard with blurred code in the background]

(Bild: Tero Vesalainen/Shutterstock.com)

By Falk Steiner
This article was originally published in German and has been automatically translated.

The January 2023 attack, in which the SPD executive board was hit via a security vulnerability in Outlook, also affected a large number of other companies and institutions. This was confirmed by the Federal Ministry of the Interior on Friday.

According to the authorities, the attacks also targeted companies in the logistics sector as well as the defense, aerospace and aviation industries. Some foundations and associations were also affected. Beyond German entities, APT-28 also hit targets in the Czech Republic, Ukraine and other countries supporting Ukraine as part of this campaign.

The attackers exploited the vulnerability in Outlook for Windows known as CVE-2023-23397, which had existed since at least March 2022 and which Microsoft only closed two months after the attack in mid-March 2023.

The attackers are said to have used the vulnerability as a gateway to gain elevated privileges and access to hashed user passwords. For the attack, APT-28 is also said to have used a network of insecure Ubiquiti EdgeRouters infected with MooBot; these routers were remotely patched in a joint operation by the FBI, BKA and other police forces worldwide in February.
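The "hashed user passwords" mentioned above are the result of how CVE-2023-23397 works: a calendar or task item whose reminder sound file (the MAPI property PidLidReminderFileParameter) points to a UNC path on a remote host makes Outlook authenticate to that host over SMB, disclosing the user's NTLM credential hash. Microsoft's published scanning script checks the same property. The following is an added example of such a mailbox check, not code from the article or from Microsoft; it assumes the items have already been exported into plain dictionaries (the record shape, the sample rows, and the trusted-domain list are constructed here for illustration).

```python
import re
from ipaddress import ip_address

# Hypothetical record shape: one dict per calendar/task item with its subject
# and the value of PidLidReminderFileParameter. The rows are constructed
# sample data; a real export would come from the mailbox API in use.
SAMPLE_ITEMS = [
    {"subject": "Team sync", "reminder_file": ""},
    {"subject": "Budget review", "reminder_file": r"C:\Windows\Media\Alarm01.wav"},
    {"subject": "Fileserver chime", "reminder_file": r"\\fs01.corp.example\sounds\ding.wav"},
    {"subject": "Lab reminder", "reminder_file": r"\\10.0.0.5\share\ding.wav"},
    {"subject": "Urgent: contract", "reminder_file": r"\\attacker-share.example\s\r.wav"},
    {"subject": "Invoice", "reminder_file": r"\\?\UNC\evil.example\s\x.wav"},  # long-UNC form
]

# DNS suffixes the organisation treats as internal (assumption: site-specific).
TRUSTED_SUFFIXES = (".corp.example",)

# Matches \\host\share and the long form \\?\UNC\host\share; captures the host.
UNC_RE = re.compile(r"^\\\\(?:\?\\UNC\\)?([^\\]+)\\", re.IGNORECASE)


def unc_host(path: str):
    """Return the host part of a UNC path, or None if the path is not UNC."""
    m = UNC_RE.match(path or "")
    return m.group(1) if m else None


def is_internal_host(host: str) -> bool:
    """Private or loopback IPs and trusted DNS suffixes count as internal.

    Note: ipaddress treats documentation ranges such as 203.0.113.0/24 as
    private too, so do not rely on such an address to test the external case.
    """
    try:
        ip = ip_address(host)
        return ip.is_private or ip.is_loopback
    except ValueError:  # not an IP literal: treat as a DNS name
        return host.lower().endswith(TRUSTED_SUFFIXES)


def flag_item(item: dict) -> bool:
    """True when the reminder sound would make Outlook reach an external SMB host."""
    host = unc_host(item.get("reminder_file", ""))
    return host is not None and not is_internal_host(host)


def find_suspicious(items):
    """Subjects of items whose reminder path points at an external UNC host."""
    return [it["subject"] for it in items if flag_item(it)]


if __name__ == "__main__":
    for subject in find_suspicious(SAMPLE_ITEMS):
        print("suspicious reminder path:", subject)
```

Local file paths and UNC paths to internal hosts are left alone; only paths that would drive an SMB authentication to a host outside the organisation are reported. The same classification of the destination host is what an outbound port 445 block at the perimeter enforces at the network layer, which was Microsoft's recommended mitigation alongside the patch.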

The attackers appear to have been primarily concerned with espionage: the German authorities are not aware of any acts of sabotage in the course of the attack by the actors also known as "Fancy Bear"; sabotage could also cross the line into an act of war under international law. Unlike sabotage, digital espionage is comparatively harmless under international law, even though it violates the UN norms for responsible state behavior in cyberspace.

"We can now clearly attribute this attack from last year to the APT28 group, which is controlled by the Russian Secret Service GRU," said Federal Foreign Minister Annalena Baerbock on Friday. The Federal Foreign Office summoned the chargé d'affaires of the Russian embassy in Berlin at midday to formally protest against the action.

The German government is taking this as an opportunity to ramp up "protective measures against hybrid threats regarding the European elections". "This year, with the European elections and other elections, we must arm ourselves particularly well against hacker attacks, manipulation and disinformation," said Federal Minister of the Interior Nancy Faeser (SPD). An increase in foreign disinformation and manipulation attempts "in the information space" is to be expected during the European elections.

(mki)