Kremlin-linked Fancy Bear hackers targeted two German think tanks with ties to Angela Merkel's ruling coalition parties Christian Democratic Union (CDU) and Social Democratic Party (SPD), according to security researchers.
The cyberespionage group, which is also known as Sofacy, Pawn Storm and APT28, is seeking to influence public political opinion relating to upcoming elections in Europe, security experts have said. The attacks reportedly occurred in March and April.
Fancy Bear, widely considered to be behind the cyberattacks against the DNC (Democratic National Committee) and Hillary Clinton's campaign in the 2016 US presidential election, was also found targeting French presidential candidate Emmanuel Macron, a recent report by security researchers at Trend Micro had revealed.
Kremlin dismisses hacking claims as "nothing but fake news"
However, the Kremlin has dismissed claims of Russian hackers having targeted Macron's campaign. According to a report by Russian state media RT, Dmitry Peskov, spokesperson for Russian president Vladimir Putin said, "It resembles the accusations made by Washington, which to this day remain hollow, doing no honor to the people making them."
RT reports Peskov as saying that Moscow would be "extremely grateful if this [cybersecurity] research group [Trend Micro] could send us some information [regarding the alleged attack] and we could check it out."
"As things stand now, it's nothing but fake news," Peskov added.
Attacks on think tanks may be a "stepping stone"
However, according to Trend Micro senior threat researcher Feike Hacquebord, the attacks against the German think tanks suggest that the hacker group may be trying to go after other European political parties in the future.
"I am not sure whether those foundations are the actual target. It could be that they used it as a stepping stone to target, for example, the CDU or the SPD," Hacquebord told Reuters.
Experts have previously said that Fancy Bear hackers targeted Merkel's party in 2016. Although other security experts as well as US government officials have linked the hacker group to the Russian military intelligence unit GRU, Trend Micro refrained from providing any attribution to the group.
FireEye's Paris-based technical director David Grout told Reuters, "What we are seeing is kind of a replication of what happened in the United States."
German officials told Reuters that politicians fear sensitive emails stolen by Russian hackers in 2015 could be used in the lead up to the election to undermine Merkel, who is seeking to run a fourth term.
Reuters reports that Fancy Bear hackers set up a fake computer server, located in Germany, at kasapp.de to launch phishing attacks against the CDU party's Konrad Adenauer Foundation (KAS). Yet another server based in Ukraine at intern-fes.de was used to target the SPD's Friedrich Ebert Foundation (FES).
A KAS spokesperson said that Germany's federal cybersecurity agency (BSI) had warned the foundation in March of "peculiarities". However, a network scan performed by the BSI found "nothing suspicious".
The German security agency and the FES are yet to comment on the matter.