Constitution Office warns NGOs of rising Russian cyberattacks
The Federal Office for the Protection of the Constitution warns civil society organizations about a growing threat from Russian cyberattacks targeting them.
(Image: Maxim Gaigul/Shutterstock.com)
The Federal Office for the Protection of the Constitution (Bundesamt fĂĽr Verfassungsschutz, BfV) is urging German civil society organizations (NGOs) and scientific institutions to exercise caution in view of the risk of increased cyberattacks by foreign intelligence services, particularly from Russia. A few days ago, the domestic intelligence service sent a corresponding warning letter to dozens of foundations, associations and similar institutions, as reported by WDR, NDR and SĂĽddeutsche Zeitung (SZ).
In the ten-page awareness-raising paper, the BfV points out, according to the media, that Russia is increasingly restricting the scope for action of foreign organizations. For example, they are considered "undesirable" or "extremist" and are listed. This branding is usually accompanied by cyberattacks on the institutions' IT systems. Just this week, the Russian authorities declared another German think tank, the German Council on Foreign Relations (DGAP), to be undesirable.
According to the Federal Office for the Protection of the Constitution, however, "organizations with fields of activity in political or social research, activism or cultural cooperation" that have not yet been classified accordingly by the Russian authorities are also being attacked.
Email traffic of an Eastern European society spied on
According to the reports, the BfV recommends various technical security measures such as end-to-end encryption to NGOs. It is also important to increase the exchange of information with each other and with the local authorities: "Cyberattacks often affect not only individual institutions, but several organizations that are in the attackers' interest," tagesschau.de quotes from the letter.
According to the reports, one trigger was apparently the case of the German Society for East European Studies (DGO). In 2024, the Russian Ministry of Justice categorized the association of researchers and experts, founded in 1913, as one of the first German institutions to be classified as "extremist". The reason: it was said to be part of an "anti-Russian separatist movement". However, the DGO was not only pilloried, according to the reports. Rather, cyber criminals had secretly gained extensive access to the association's email accounts and read the network's communications for months. This two-pronged approach is apparently not an isolated case.
Germany easily vulnerable as an open society
In a brochure published in January, the BfV writes: "In the digitalized world, intelligence services can use cyberattacks to spy on other countries from secure bases in their own country. They attack individual computers or entire networks and gain permanent access. This allows them to gather information or open up opportunities to cause damage through sabotage."
The options available to foreign intelligence services are expanding "significantly as a result of the development of new technologies and advancing digitalization", the office explains. Germany is an attractive target for them: "As a free and cosmopolitan society, it is particularly vulnerable." The work intensity, scope and complexity of the Russian Federation's intelligence activities have generally increased significantly with the war of aggression against Ukraine.
Under the conditions of Russian President Vladimir Putin's authoritarian rule, the FSB, SWR and GRU, which are responsible for domestic, foreign and military affairs, served "internally to maintain the regime's power and externally to gather information and ruthlessly enforce its interests", explains the BfV. Since 2014, Germany's foreign, security, defense and energy policies have also become the focus of Russian espionage and cyberattacks.
Videos by heise
Bundestag hack and ghostwriters
Relevant activities came to public attention in 2015 in particular with the serious attack known as the "Bundestag hack". At the time, the parliament's IT infrastructure was completely paralyzed for a time. 16 gigabytes of data are said to have been leaked. The German government later accused the GRU of being behind the hostile action.
The authorship of cyberattacks is usually difficult to determine. In 2021, the German government therefore introduced a "national attribution procedure" led by the Federal Foreign Office to formalize which groups are most likely responsible.
The executive branch also used this procedure to investigate the allegations made in 2021 against the "ghostwriter" gang in the weeks leading up to the Bundestag elections. The gang allegedly used phishing attacks to obtain personal login details on a large scale, particularly of members of the Bundestag and state parliaments, and used captured documents to conduct disinformation campaigns. According to the German government, the traces once again pointed to Russia.
To improve its defenses, the Federal Criminal Police Office (BKA) created a new structure for investigations into state cyber espionage in the state security department in 2024, according to the research association. The investigators are also to work more closely with experts from the cybercrime units. However, the track record to date is manageable.
(nie)
