Cyber Incident Victim: Die Linke
Date:
Mar 2026
Location:
Germany
Summary
A Russian‑speaking ransomware group known as Qilin claimed responsibility for an attack on the German democratic socialist party Die Linke, threatening to release stolen data unless a ransom was paid. In response, the party shut down portions of its IT infrastructure to contain the breach and characterized the incident as a hybrid warfare operation tied to Moscow’s broader geopolitical aims.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
The CSIS timeline records significant cyber incidents since 2006, focusing on cyber attacks on government agencies, defense and high tech companies, or economic crimes with losses exceeding one million dollars. In its March 2026 entry, the timeline notes that Qilin, a Russian-speaking ransomware group, claimed responsibility for a cyberattack on the German democratic socialist political party Die Linke. The group threatened to publish stolen data if a ransom was not paid. The entry appears within a list of incidents compiled by the Center for Strategic and International Studies. The timeline is intended to highlight events with notable impact or strategic relevance.
In response to the attack, Die Linke shut down parts of its IT systems to limit further damage. The party described the incident as a hybrid warfare operation. It linked Qilin’s actions to Moscow’s broader geopolitical goals. The timeline entry does not specify the amount of any ransom demand. It also does not detail the volume or type of data allegedly exfiltrated. No additional information about system restoration or public statements beyond those noted is provided in the source.