The previously reported hack on the private servers of the German government’s interior and defense ministries is now being treated as part of a larger espionage effort by Russia. The attack was formally confirmed last week. The German chief federal prosecutor’s office is currently investigating whether espionage or Russia was involved in the attack.
A spokesperson from the German Interior Ministry stated that the danger of the attack has now been averted, but wouldn’t say if the attack was still ongoing. The prime suspect in the attack is the Russian hacking group Snake (not, as initially suspected and reported, the similar group FancyBear). Russia has formally denied all associations with hacking groups or hacking efforts. In a statement, they accused Germany and the rest of the world of accusing them of hacking without definitive proof.
The attack was first detected in December but may have been initiated much earlier than that.
Takeaway: For all of Germany’s bluster about Russia’s involvement being an act of war, there does not seem to be any preparation to make good on those threats. In part, this is because it can be hard to actually prove a hacker’s location or affiliation with a nation-state government; most nation-state hackers conduct their attacks outside their country to prevent retaliation and divert attention. Furthermore, some nation-states (most recently Russia) have pulled false flag operations to throw blame onto other countries. So knowing whom to respond to, let alone how to respond, can be perilous waters to traverse.
But in part this is also because, even though more and more business transactions and personal lives are undergoing digital transformation, few politicians are truly willing to engage in a physical war over a digital slight. So Russia can conduct espionage missions against other countries with total deniability and no repercussions, among their other alleged malicious digital activities. Who knows what they might target next?