Cyberattacks on the German Armed Forces — the Bundeswehr occur almost daily. Although serious losses have been avoided so far thanks to modern technical means and qualified specialists, the threat is growing, writes the German publication Tagesschau.
Two incidents in June, reported by German media WDR, NDR and Süddeutsche Zeitung, have become particularly alarming. Initially, a cyberattack targeted a Hessian company working as a service provider in the field of satellite communications for the country's Ministry of Defense.
It is assumed that the digital attack on the company from Hesse was carried out using ransomware. In such attacks, perpetrators usually encrypt the victim's data and IT systems and release them only after a ransom is paid. According to initial reports, the attack used malware attributed to a Russian hacker group, sources told the publication.
During the initial assessment of the incident by security agencies, it was stated that a leak of classified information was likely. Additionally, operational information might have been affected, which could have jeopardized the security of Bundeswehr missions. However, experts currently believe that the damage is likely to be limited.
«According to available data, the operational data traffic of the Bundeswehr and the IT networks of the Federal Ministry of Defense were not affected by the attack», a representative of the Ministry of Defense told the publication.
An engineering firm in Lower Saxony was also subjected to a hacker attack. The company is involved in constructing facilities for the Bundeswehr's operational command and is supposed to fulfill specifications from the classified «Operational Plan Germany». This document regulates the defense of the country and the alliance, particularly the deployment and positioning of troops in the country in the event of military actions.
It is unknown whether this classified information was captured by the hackers. In any case, authorities also assume that the perpetrators in this case were from the Russian cybercriminal environment.
German intelligence believes there is close cooperation between cybercriminals, so-called «hacktivists», and Russian state structures.
German intelligence services believe that often a regular case of cybercrime may actually be an espionage operation. Or confidential data may simply be handed over by hackers to Russian intelligence services for secondary use.
In the spring, the head of the Bundeswehr's cybersecurity department, Colonel Andreas Kubitz, said in an interview that the Bundeswehr «regularly» becomes the target of various attacks. According to him, since the start of Russia's aggressive war in Ukraine, the number of so-called DDoS attacks has significantly increased. According to the provided information, the number of phishing attacks, aimed at stealing passwords, for example, is also growing. «We are dealing with a wide range of malware and targeted espionage attempts by so-called APT (Advanced Persistent Threats). These are hacker groups that operate on behalf of the state and are often directly integrated into intelligence or military structures», Kubitz stated.