Federal Office for the Protection of the Constitution in Cologne
Photo: Oliver Berg/ DPA
The »Ghostwriter« hacker campaign, allegedly controlled by the Russian secret service, launched a new wave of attacks in Germany shortly after the start of the Ukraine war.
This is according to a security notice from the Federal Office for the Protection of the Constitution.
"Due to renewed, current attacks by Ghostwriter in March 2022 against people in Germany, special caution is required," says the letter to representatives of German business.
The hackers try to gain access to e-mail accounts with so-called phishing e-mails.
The Federal Office warns that the lure mails are currently coming from the harmless-sounding address t-online.de@comcast.net.
According to the Office for the Protection of the Constitution, Ghostwriter has already “successfully captured data from elected officials and other political targets” in the past.
These could possibly be made public via so-called "hack and leak" operations and misused for disinformation campaigns.
According to the authority, there is also a risk that attackers will hijack journalists' news portals or social media accounts in order to spread false reports via these channels.
Smear campaigns on the web
The »Ghostwriter« group has already acted in a similar way in Eastern Europe and the Baltic States.
In Lithuania, for example, the hackers posted a fictional message about German soldiers desecrating a Jewish cemetery on a website.
In Poland, the attackers took over the Twitter account of a politician from the ruling PiS party and published intimate photos of a fellow party member - a modern form of character assassination.
In Germany, the hackers sent lure e-mails to dozens of members of the Bundestag and state parliaments in the super election year of 2021.
They aimed to gain access to private mailboxes or social media accounts - in some cases with success.
So far, however, there have been no smear campaigns with the captured data.
The German security authorities assume that "Ghostwriter" is controlled by Vladimir Putin's military intelligence service GRU.
According to security experts, the hackers are being supported by the Belarusian cyber troop UNC 1151. Since last summer, the Attorney General in Karlsruhe has been investigating in this connection.
Sabotage by Russian services?
In Berlin, the fear of cyber attacks in Germany has increased noticeably in the past few days.
In several letters to politicians and companies, the Office for the Protection of the Constitution warns that there is an increased risk of attacks “against German bodies, including companies” because of the sanctions against Russia and arms deliveries to Ukraine.
The Russian services "undoubtedly" had the ability to "significantly and permanently sabotage" both critical infrastructure and military facilities and political operations, writes the agency.
According to SPIEGEL information, members of the Bundestag have also received a handout from the Office for the Protection of the Constitution in the past few days, in which they are warned of typical tricks used by cyber attackers.
"Distrust all e-mails that ask you to take urgent action," it says, for example.
»Never click on links or attachments in suspicious emails.« And above all: »Never give out your passwords.«
mgb/wow