Berlin blamed the 2023 attacks, which targeted the governing Social Democrats as well as the logistics, defence, aerospace, and IT sectors, on a hacker group linked to Moscow’s GRU military intelligence service

Germany has summoned the acting representative of the Russian embassy over a series of cyber-attacks targeting members of the governing Social Democrats as well as its defence and technology sector.

Berlin blamed the attacks on a hacker group linked to Moscow’s GRU military intelligence service.

“We and our partners will not tolerate these cyber-attacks and will use the entire spectrum of measures to prevent, deter, and respond to Russia’s aggressive behaviour in cyberspace,” a German foreign ministry spokesperson said Friday.

The 2023 attacks, in which several websites were knocked offline in apparent response to Berlin’s decision to send tanks to Ukraine, targeted the logistics, defence, aerospace, and IT sectors, the interior ministry said in a statement.

The ministry said APT 28, a hacker group which reports to the Russian military service, exploited a then-unknown vulnerability in Microsoft Outlook over a longer period of time in order to compromise email accounts.

“Today we can say unambiguously [that] we can attribute this cyber-attack to a group called APT28, which is steered by the military intelligence service of Russia,” German Foreign Minister Annalena Baerbock told a news conference during a visit to Australia.

“In other words, it was a state-sponsored Russian cyber-attack on Germany, and this is absolutely intolerable and unacceptable and will have consequences.”

The Czech Republic said its institutions had also been targeted. “Czechia has long been targeted by the APT28. Such violations are in violation of UN norms of responsible state behaviour,” the country’s foreign ministry said Friday.

A spokesperson for the German interior ministry said that “the security gaps must be actively closed and we are pushing for this to happen".

An international operation led by the United States’ FBI in January had prevented devices compromised in the attacks from being misused for cyber espionage operations worldwide, the ministry said.

“The Russian cyber-attacks are a threat to our democracy, which we are resolutely countering,” German interior minister Nancy Faeser said, adding that Germany was acting alongside the European Union and NATO.

“Under no circumstances will we allow ourselves to be intimidated by the Russian regime.”

Faesar said it was particularly critical to counter such attacks from Russia ahead of the European Parliament elections in June and other elections this year.

The EU condemned the “irresponsible” cyber-attacks on Germany and the Czech Republic on Friday, revealing that “state institutions, agencies, and entities in member states, including in Poland, Lithuania, Slovakia, and Sweden have been targeted by the same threat actor before”.

NATO also condemned the “malicious” attacks and said they were a reminder that “cyber threat actors persistently seek to destabilise the alliance”.

Russia has denied past allegations by Western governments of being behind cyberattacks.

Its embassy in Germany said Friday that it “categorically rejected the accusations that Russian state structures were involved in the given incident … as unsubstantiated and groundless”.

APT28, also known as Fancy Bear or Pawn Storm, has been accused of dozens of cyber-attacks in countries around the world. According to Germany’s domestic intelligence agency, it is one of the most active and dangerous cyber actors worldwide.

The UK’s National Cyber Security Centre has described the unit, which has been active worldwide since at least 2004, as “a highly skilled threat actor” that has “used tools including X-Tunnel, X-Agent, and CompuTrace to penetrate target networks”.