Russian Attackers Exploit Microsoft Outlook Vulnerability to Target SPD and Other Organizations

Cyberattack on SPD Party Headquarters: APT28 Group and Russian GRU Involved

In January 2023, the German SPD party headquarters was targeted in a cyberattack that also affected numerous other companies and institutions. According to the Federal Ministry of the Interior, the attackers exploited a vulnerability in Outlook for Windows that had been known since at least March 2022. Microsoft closed the vulnerability only two months after the attack, in mid-March 2023. The attackers used the flaw as an entry point to escalate their privileges and gain access to hashed user passwords.

The attack has been attributed to the APT28 group, which is believed to be controlled by the Russian GRU intelligence agency. The attackers allegedly used a botnet to carry out the attack and targeted companies in the logistics, arms, aviation, and aerospace industries, as well as various foundations and associations. Targets were also hit in the Czech Republic, Ukraine, and other supporting states.

The German government has condemned the attack, with Foreign Minister Annalena Baerbock stating that it is “clearly attributable to the APT28 group, which is controlled by the Russian GRU.” The Federal Ministry of the Interior has also summoned the chargé d'affaires of the Russian embassy in Berlin to protest the actions. The German government is taking this as an opportunity to strengthen its protection against hybrid threats ahead of the upcoming European elections.

Interior Minister Nancy Faeser (SPD) emphasized that there will be an increase in foreign disinformation and manipulation attempts in the information space during the election year. “We must especially fortify ourselves against hacker attacks, manipulations, and disinformation,” she said.

The attack highlights the ongoing threat of state-backed cyberattacks and the need for sustained vigilance and protection against them. It also serves as a reminder of the importance of staying informed about the latest developments in the cybersecurity landscape, including promptly applying security updates once they are released.