Cyber attack on German air traffic control – is APT28 behind it?

DFS confirmed that the attackers penetrated the authority's office IT system. Last week's attack had no impact on flight operations.

This article was originally published in German and has been automatically translated.

There has been a cyber attack at German Air Traffic Control (DFS). The authority confirmed this to Bayerischer Rundfunk (BR) on request. The security authorities have been informed and, according to media reports, a group with links to the Russian secret service is behind the attack.

The intruders had successfully penetrated the "administrative IT infrastructure, i.e. the office communications of DFS GmbH", a DFS spokesperson told BR. Defensive measures were being taken and attempts were being made to keep the impact to a minimum. Air traffic is continuing as normal, a spokesperson told the Deutsche Presse-Agentur (dpa).

The attack took place last week – there are apparently indications that APT28 was involved. The group, which is also known as "Fancy Bear", is presumably under the control of the Russian secret service GRU. However, it is rarely possible to reliably attribute a cyberattack to its perpetrators, as they generally leave no concrete evidence of their authorship at the scene of the crime. This distinguishes APTs (Advanced Persistent Threats) from ransomware gangs, which make no secret of their work and demand ransom from their victims in various ways.

Two experts recently uncovered a security vulnerability in flight operations – they were able to impersonate employees using an SQL injection vulnerability and thus gain access to security areas.

(cku)