Immediately before the federal election, the EU states blamed Russia for “malicious cyber activities” by the “ghostwriter” hacking group.

"Such activities are unacceptable as they aim to threaten our integrity and security, democratic values ​​and principles and the core function of our democracies," said a statement made on Friday by the EU Foreign Affairs Representative Josep Borrell on behalf of all 27 member states submitted.

Thomas Gutschker

Political correspondent for the European Union, NATO and the Benelux countries based in Brussels.

  • Follow I follow

The group targeted numerous MPs, government officials, politicians, media and civil society organizations by breaking into their computer systems and stealing data.

The EU attributes this to the Russian state, demands an immediate end to the attacks and reserves the right to “take further steps” - an indication of sanctions.

According to information from the FAZ, the declaration was initiated and promoted by Germany. A spokeswoman for the Foreign Office reported on September 6th about attacks by "ghostwriters" before the federal election. For example, hackers “tried using phishing emails to obtain personal login data, particularly from members of the Bundestag and Landtag, in order to be able to commit identity theft”.

These attacks could "serve as preparatory measures for influence operations such as disinformation campaigns in connection with the federal election," the spokeswoman said.

The federal government had "reliable knowledge on the basis of which the" ghostwriter "activities can be assigned to cyber actors of the Russian state and specifically to the Russian military intelligence service GRU".

At the time, it was not known whether data was actually stolen.

The EU declaration now suggests this.

Lured to fake sites

The attacks in Germany are said to have started in March.

The hackers pretended to be email providers GMX and T-Online.

They tried to lure their target persons to fake pages with targeted e-mails and thus elicit their login information.

Similarly, politicians and the media in Lithuania, Latvia, Ireland and Poland had previously been spied on. In Poland, emails from Prime Minister Mateusz Morawiecki's most important advisor and Health Minister Adam Niedzielski were distributed via the Telegram messenger service at the beginning of June. It discussed internals such as obtaining vaccines and dealing with protests against a law that bans abortion. The Polish government blamed Russia for it without naming the hacking group.

These cyberattacks were explicitly "condemned" during the latest meeting of heads of state and government in late June.

The EU Commission was asked to examine “suitable measures within the framework of the Cyber ​​Diplomacy Toolbox”.

This is a sanctions regime that was first used against representatives of China and Russia in the summer of 2020.

In October 2020, the head of the Russian military intelligence service, another employee and a special unit were banned from property and entry due to a cyber attack on the Bundestag in 2015.

It is to be expected that the most recent attacks will also be sanctioned in this context.