Cyber Threat Actor: FuhrparkService
| Actor Type | Location | Known Incidents |
Nation State
|
Russia
|
1 incident |
|---|
Profile
The threatactor is known by the aliases Fuhrpark Service transport fleet and BWFU, and the provided context indicates a location in Russia. German defense ministry sources describe the actor as an unidentified external party responsible for the cyberattack on the BWFU IT network. No further details about the actor’s structure, size, or internal organization are available in the source material.
The actor’s targeting is evidenced by the August 2020 intrusion against BWFU, a military‑run transport provider that serves the Bundestag parliament and German military personnel. The attack focused on the organization’s IT network and potentially exposed sensitive information such as politicians’ private addresses and parliamentary booking details. As a result, BWFU was forced to disconnect all electronic client links and engage a cyber incident response firm, although initial checks showed no damage to broader Bundeswehr systems. Parliamentary officials characterized the incident as serious and urged urgent resolution.
Regarding tactics, techniques, and procedures, the referenced article does not specify any malware families, initial access vectors, or particular tooling styles used by the actor; it only notes that the compromise was carried out by an unidentified external party through a cyberattack. Consequently, no concrete TTP themes can be derived from the available information.
Public attribution or affiliations have not been established; the actor remains unidentified, and no state nexus or criminal consortium is confirmed in the sources. The August 2020 intrusion against BWFU represents the sole publicly reported operation associated with this actor, described by officials as a significant breach whose full scope remained undetermined at the time of reporting.
