The United States strongly condemns the malicious cyber activity by Russia’s General Staff Main Intelligence Directorate (GRU), also known as APT28, against Germany, Czechia, Lithuania, Poland, Slovakia, and Sweden. We join Germany in attributing specific malign activity carried out by APT28 that targeted a German political party.
APT28, also known as Fancy Bear, Strontium, and Forest Blizzard, is a well-known threat actor with a long history of engaging in malicious, nefarious, destabilizing and disruptive behavior. The United States has previously indicted and sanctioned actors associated with APT28 for their involvement in a wide range of malign cyber activity, including cyber activities aimed at interfering in the 2016 U.S. presidential elections, and sustained hack-and-leak operations targeting the World Anti-Doping Agency (WADA) that intended to undermine and sow doubt in the integrity of the organization.
The U.S. Department of Justice has worked with Germany to remediate a network of hundreds of small office/home office routers that APT28 was using to conceal and carry out malicious activity, including the exploitation of CVE-2023-23397 against targets in Germany. The DOJ action further blocked the GRU from regaining access to remediated devices.
Russia’s pattern of behavior blatantly disregards the Framework for Responsible State Behavior in Cyberspace, as affirmed by all United Nations Member States. The United States is committed to the security of our allies and partners and upholding the rules-based international order, including in cyberspace. We call on Russia to stop this malicious activity and abide by its international commitments and obligations. With the EU and our NATO Allies, we will continue to take action to disrupt Russia’s cyber activities, protect our citizens and foreign partners, and hold malicious actors accountable.
Official news published at https://www.state.gov/the-united-states-condemns-malicious-cyber-activity-targeting-germany-czechia-and-other-eu-member-states/