The biggest cyber attack against the Bundestag to date will not go unpunished. The EU is now imposing sanctions against Russians. Moscow had recently issued an urgent warning against this.
The EU has imposed new Russia sanctions because of the massive hacker attack on the German Bundestag in 2015. Affected are the head of the main directorate of the General Staff of the Russian Armed Forces, one of the alleged hackers as well as a military unit responsible for cyber attacks, the EU announced on Thursday. The sanctions regime provides that the EU can now freeze assets. In addition, EU entry bans apply to the individuals.
The largest cyber attack to date against the Bundestag was carried out in April and May 2015. Computers in numerous parliamentary offices had been infected with spy software, including computers in the office of Chancellor Angela Merkel (CDU). As a result of the attack, the parliament’s IT system subsequently had to be given a general overhaul. A considerable amount of data was also stolen.
In view of the results of the Federal Prosecutor General’s investigations into the attack, Merkel had already spoken of “hard evidence” of Russian involvement and of an “outrageous” incident some time ago. The Federal Government is also the initiator of the punitive measures that have now been decided.
Russia, on the other hand, warned as early as July that relations between Berlin and Moscow would deteriorate if there were to be sanctions because of the hacker attack. The German government’s initiative to achieve “cyber sanctions” by the EU against Russia was “bad news” for Russian-German relations, said Deputy Foreign Minister Vladimir Titov at the time. Such sanctions could also affect international cooperation in information security.
Despite calls, Russia had not yet presented any evidence that citizens of the country had been involved in the hacker attack in May 2015, he said. Without proof of Russia’s guilt, the accusations are groundless, it was said.
The EU justifies the sanctions against the head of the General Staff of the Russian Armed Forces on the grounds that he is in command of the 85th Main Center for Special Services. The latter in turn is accused of having been involved in the cyber attack against the German Bundestag.
Igor Kostyukov, because of his function, is “responsible for the cyber attacks, (…) which pose an external threat to the Union or its member states”, the EU’s Official Journal states. The military unit in question is also known in professional circles by nicknames such as “APT28”, “Fancy Bear”, “Sofacy Group”, “Pawn Storm” and “Strontium”. It is also said to have been involved in the attempted cyber attack on the Organization for the Prohibition of Chemical Weapons (OPCW) in April 2018.
According to the EU Official Journal, the hacker involved is a 30-year-old man by the name of Dmitry Badin. He is said to have been involved in the attack as a military intelligence officer of the 85th Main Centre for Special Services.
It is considered unlikely that punitive measures such as entry bans will really hurt those affected. However, it is hoped that they will serve as a message to the government in Moscow and show that the EU will no longer tolerate attacks of this kind. The EU had recently imposed entry and property restrictions on presumed leaders of President Vladimir Putin’s entourage in connection with the attack on the Russian opposition politician and Kremlin critic Alexei Nawalny.