Russian hackers known as APT28 carried out a massive cyber-attack against multiple European countries with the aim of targeting political objectives and obtaining critical information. The main victims were the Czech Republic and Germany, but operations also took place in other countries such as Lithuania, Sweden, and Poland. Slovakia was not spared from the attacks either.
APT28 is a hacking group of Russian origin directly linked to the Russian military intelligence agency (GRU). It is known by several acronyms, such as Fancy Bear, Forest Blizzard, and Sofacy. Their activities are estimated to have begun in 2005. Since its inception, APT28 has conducted several high-profile cyber-attacks against governments, armies, security organizations, and media in Europe, North America, and other regions. The primary objective of their operations is to obtain classified information through cyber espionage. The group gained particular notoriety for its politically motivated attacks during the US presidential elections in 2016.
Russian cyberattacks on Slovakia are nothing new
In the first days after the alarming revelations about Russian operations, Bratislava acted as if it hadn’t noticed the warnings from abroad about the country being attacked. However, later, the National Security Authority (NBÚ) issued a warning about the imminent threat of DDoS attacks (sending a huge amount of illegitimate prompts, which ultimately overloads the system and causes its unavailability) directed against Slovakia. All of this was in response to threats from the APT28 group. At a time of imminent threat to Slovakia’s cyberspace from the Kremlin, Member of Parliament for the Smer party and former police president Tibor Gašpar was holding talks on cybersecurity with Russian ambassador Igor Bratchikov. During the meeting, they discussed potential future cooperation in enhancing cybersecurity. These actions significantly undermine Slovakia’s ability to defend itself against incoming threats from Moscow. Additionally, NBÚ stated that APT28 had been conducting operations against other government entities and critical infrastructure operators both in NATO and in Slovakia.
However, Russian hacking operations are nothing new. Moscow has long been one of the most active actors in Slovak cyberspace. Saboteurs from Anonymous.ru, for example, targeted several objects in Slovakia in 2022, including the airport and taxi services. Last year was also particularly rich in cyber incidents caused by Russian actors. At the very beginning of the year, in January, Anonymous.ru was active again, and NBÚ issued a warning about intense attacks. In March, hacktivists subsequently took down the websites of the National Council, the National Bank, the Ministry of Defense, and other institutions. Given the fact that Moscow has been a long-term major threat to the security of Slovakia’s cyber and information space, talks about enhancing cybersecurity in cooperation with Russia seem absurd.
Operations in the Czech Republic are just part of a larger espionage campaign
The extensive cyber campaign did not spare the Czech Republic either. Several institutions were victims of the attacks, which were again attributed to the APT28 group. The operations were reported to have commenced in 2023, exploiting previously unknown vulnerabilities in Microsoft Outlook to penetrate systems. This was a large-scale cyber espionage effort aimed at acquiring critical classified information. Various NATO member countries condemned APT28’s activities, stating that such actions directly contradict international law on responsible state behavior in cyberspace. As a result of the attacks on government institutions, Prague summoned Russian Ambassador Alexander Zmeyevsky. According to Czech Foreign Minister Jan Lipavský, Moscow has long attempted to undermine democracy in the Czech Republic, not only through cyber operations.
There are several examples supporting this claim. Last year, the news about the explosion of an ammunition depot in Vrbětice, allegedly caused by Russian agents, made headlines. The Czech police accused the GRU of the operation. A large espionage network in the Czech Republic was also revealed through a joint investigation by journalists from various countries into Moscow’s propaganda network, which aimed to influence events in several European countries. This network reportedly funded various European politicians, including those from Germany’s far-right AfD, through the popular site Voice of Europe. The goal was to sway European politics. The Czech Republic accused pro-Russian Ukrainian oligarch Viktor Medvedchuk of this operation. All these events point to a rather extensive espionage network in the Czech Republic, with the APT28 attacks adding yet another dimension to this reality.
Germans and Poles were also targeted by hackers
Germany and Poland were not spared from cyber espionage. Last year, the APT28 group attacked the Social Democratic Party of Germany (SPD). Berlin directly accused the Russian secret service GRU of these attacks. In June 2023, SPD reported that the emails of its board members had been compromised due to vulnerabilities in Microsoft software. Germany called this an unacceptable act that “will not go unanswered.” Similarly strong statements have come from Poland, which declared that it is engaged in a cyber cold war with Russia. Polish Minister of Digitalization Krzysztof Gawkowski made this statement during his visit to Ukraine, noting that Poland faces hostile cyber activities similar to those of the Czech Republic and Germany.
APT28’s cyber operations indicate a broader trend of the Kremlin’s extensive espionage campaign in Europe. These cybercriminals are among the most active and sophisticated Russian actors supporting Moscow’s efforts to influence events on the continent. The espionage is not limited to the cyber dimension but is also accompanied by operations in the physical and informational spheres. Thanks to investigative journalism and the revelations from state security agencies, we are only now beginning to understand the full extent of the spy network operating in Europe.