6 May 2024

Russian military spies APT28 exploited Outlook 0day to attack Czechia and Germany

Czechia, Germany and allies have accused Russia of orchestrating cyberattacks against democratic institutions and political parties across Europe and other countries.

Germany last week said that the 2023 breach of the Social Democratic Party (SPD) was conducted by APT28 (aka Fancy Bear, Strontium, and Forest Blizzard), a hacker collective linked to Russia’s General Staff Main Intelligence Directorate (GRU). Officials said that the intruders exploited a then-zero-day vulnerability (CVE-2023-23397) in Microsoft’s Outlook email software. According to German officials, APT28 was also behind widespread attacks on German companies in the fields of logistics, armaments, aerospace, and IT services, as well as on foundations and associations.

“Companies from these sectors were also attacked abroad. In addition, the attacks abroad targeted state institutions and critical infrastructure, particularly in the energy supply sector. Targets related to Russia's war of aggression against Ukraine, which violates international law, were a focus of the attacks,” the German authorities said.

Officials said that the SPD attack was part of a larger cyberespionage campaign. The hackers used compromised network devices from otherwise uninvolved companies and private individuals to conceal their own infrastructure. Last week, Trend Micro released a report detailing how cybercriminals and state-backed threat groups share compromised networks. The report covers Russian threat actor APT28’s exploitation of Ubiquiti EdgeRouters (aka the MooBot botnet).

Additionally, Czechia and Poland announced that their institutions had also become targets of this cyber campaign.

The US State Department and NATO have also condemned the malicious cyber activity by APT28 against Germany, Czechia, Lithuania, Poland, Slovakia, and Sweden.
