A German intelligence agency has accused Russia of having conducted cyber-espionage campaigns against various international governments. The agency believes Russian hacker group Sofacy is responsible for a massive attack on the German parliament in 2015, which resulted in systems being down for several days.
The Federal Office for Protection of the Constitution (BfV) said Russia has been conducting "hybrid warfare" in cyberspace, which has so far targeted Nato members, taken a French TV station offline and shut down the Ukrainian power grid in 2015 as part of an attack by Sofacy. The hacking campaign has been called Sandworm.
BfV head Hans-Georg Maassen told the Guardian: "Cyberspace is a place for hybrid warfare. It opens a new space of operations for espionage and sabotage. The campaigns being monitored by the BfV are generally about obtaining information, that is, spying. However, Russian secret services have also shown a readiness to carry out sabotage."
The German intelligence agency said the cyberattacks launched by "Russian secret services" are "aimed at obtaining strategic information" and can be traced back "as far as 7-11 years". According to Maassen, the German government, educational as well as corporate institutions, especially those relating to energy and telecommunications are under a "permanent threat" from potential attacks.
IT specialists consider Sofacy or APT 28 to be a phishing tool belonging to the broader Operation Pawn Storm, which is credited with targeting the US military, Nato, Ukrainian activists and Russian separatists. Security expert Trend Micro claims the operation also attempted to hack into the Dutch Safety Board to access sensitive information pertaining to the 2014 shooting down of Malaysian flight MH17.
The operation is also believed to have targeted Angela Merkel's CDU party with phishing attacks, which have since compelled the party to improve its IT infrastructure. According to Trend Micro, Pawn Storm is one of the "oldest active espionage threat actors". However, it appears that the operation, despite its age, is still going strong and targeting several international organisations.