Cyber Incident Victim: Bundestag
Date:
May 2022
Location:
Germany
Summary
Russian hackers, including the group Killnet, conducted DDoS attacks targeting German federal entities such as the Bundestag, defense ministry, federal and state police agencies, and the SPD website of Chancellor Olaf Scholz, causing temporary disruptions. The attackers claimed the incidents as retaliation for Germany's military support to Ukraine. Authorities assessed these attacks as technically unsophisticated, manageable with standard defenses, but warned of escalating cyber threats due to Germany's increased aid to Ukraine. Security officials anticipated further attacks on critical infrastructure and broader destabilization efforts, noting risks of hybrid threats including cyber intrusions and potential exploitation of refugee flows. The incidents aligned with prior warnings about Russian state-linked cyber operations targeting European governments.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On or around May 1, 2022, Russian hackers conducted distributed denial-of-service (DDoS) attacks targeting websites of German government institutions, including the Bundestag, the Federal Ministry of Defense, the Federal Police, several state police authorities, and the SPD website of Chancellor Olaf Scholz. The attacks temporarily rendered these sites inaccessible by overwhelming servers with excessive traffic. The Russian hacker group Killnet claimed responsibility for the attacks via Telegram, with German authorities assessing the operation as retaliation for Germany’s military aid to Ukraine, including weapons deliveries. The Federal Office for Information Security (BSI) acknowledged the incidents but characterized the attacks as technically unsophisticated, noting they could be effectively mitigated using standard defensive technologies. No data breaches or malware installations were reported in connection with these DDoS incidents.
German authorities had anticipated heightened cyber threats due to the country’s support for Ukraine. Federal Interior Minister Nancy Faeser stated that ongoing cyber activities consistently targeted German entities and critical infrastructure, with hackers actively probing for vulnerabilities to deploy malicious software. Stephan Kramer, president of Thuringia’s domestic intelligence agency, warned that Germany’s expanded military, economic, and sanctions-related support for Ukraine would intensify its exposure to multi-domain attacks, predicting a significant escalation in cyber aggression against German infrastructure in subsequent weeks. The Federal Office for the Protection of the Constitution had already elevated its cyber threat warnings in March 2022, linking Russian military intelligence (GRU) to phishing campaigns against European politicians using compromised Ukrainian military email accounts. These campaigns employed malware resembling the “Ghostwriter” operation, previously attributed to GRU by the German Foreign Office. While no attacks leveraging the newly identified domain “dienste-email.eu” had been observed by May 1, authorities cautioned vigilance given its association with Ghostwriter. Kramer further highlighted broader hybrid threats, including potential terrorist infiltration of refugee flows, emphasizing that even minor disruptive actions could fuel societal instability.