Attacker posed as NATO employee, used a spoofed NATO email

Sep 21, 2016 17:00 GMT

Several members of the German political scene were the targets of two waves of spear-phishing campaigns that took place over the summer, multiple German media outlets report.

According to Süddeutsche Zeitung, the German newspaper that broke the Panama Papers story, local political figures received spear-phishing emails from a man named Heinrich Krammer, who claimed to be a NATO employee and used a @hq.nato.int email address. The emails were sent on August 15 and then, in a second wave, on August 24.

The emails offered recipients information about the failed coup in Turkey and the earthquakes that hit Italy's Amatrice region. Links inside the emails lured politicians to a malicious website that attempted to install spyware on their computers.

Supposed targets included Sahra Wagenknecht, leader of the main opposition party Die Linke (The Left Party), members of the youth party of Angela Merkel’s Christian Democratic Union (CDU), and CDU and Die Linke party officials from Saarland, a region in Germany's south-west, where elections are to be held next spring.

German and NATO officials detected the attacks on September 7, and on September 9 Germany's Federal Office for Information Security (BSI) started circulating an alert among political parties and the Bundestag (Germany's Parliament).

Attribution dice stops on Russia, again

German security experts suggested the attack came from Russia. Next year, Germany is scheduled to hold general elections.

US officials have already voiced their worries that Russian cyber-espionage groups will attempt to influence the US presidential elections this fall. Many experts think Russia is already influencing US elections through the leak of embarrassing files released by a hacker known as Guccifer 2.0, whom many have deemed a sockpuppet for Russia's cyber-intelligence system.

James Clapper, the US Director of National Intelligence, suggested yesterday that Russia might be behind cyber-attacks against the Democratic Party, but also said that the Russian regime had been trying to influence US elections since the '60s, so it's nothing new to them.

In May 2016, Trend Micro disclosed a series of cyber-attacks that attempted to acquire various login credentials from several members of Angela Merkel's CDU party. Trend Micro said the attacks were linked to a cyber-espionage group named APT28, which CrowdStrike also named as one of the two hacker groups that breached the Democratic Party servers.

In the fall of 2015, German authorities also found the Regin spyware on the personal laptop of the head of the German Federal Chancellery (GFC), who serves as one of Angela Merkel's assistants.