Cyber Incident Victim: Wiesbaden, Hesse, Germany
Date:
May 2022
Location:
Germany
Summary
Russian hackers, identified as the group Killnet, conducted distributed denial-of-service (DDoS) attacks targeting German federal and state authorities, temporarily disrupting access to websites of the defense ministry, parliament, federal police, and Chancellor Olaf Scholz's SPD page. The attacks were claimed as retaliation for Germany's military support to Ukraine, with security agencies assessing them as technically unsophisticated but indicative of escalating cyber threats. Officials warned of increased risks to critical infrastructure and destabilization efforts, linking the activity to broader Russian state-backed operations including phishing campaigns using compromised Ukrainian military email accounts. Authorities emphasized enhanced protective measures amid expectations of intensified attacks due to Germany's geopolitical stance.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On or around May 1, 2022, Russian hackers conducted distributed denial-of-service (DDoS) attacks targeting websites of German government entities, temporarily rendering them inaccessible. The attacks affected the German Federal Ministry of Defense, the Bundestag (federal parliament), the Federal Police, multiple state police authorities, and the SPD party website of Chancellor Olaf Scholz. The Russian hacker group Killnet claimed responsibility for these attacks through Telegram communications. According to German security assessments reported by Der Spiegel, these cyber operations constituted retaliation for Germany's military support to Ukraine through weapons deliveries. The attackers overwhelmed target servers with high volumes of traffic, though the Federal Office for Information Security (BSI) characterized the attacks as technically unsophisticated and noted they could be effectively mitigated using standard defensive technologies.
German authorities had anticipated increased cyber threats following heightened support for Ukraine. Federal Interior Minister Nancy Faeser stated that critical infrastructure and German companies faced persistent cyber activities, with attackers actively seeking vulnerabilities to deploy malware. Stephan Kramer, president of Thuringia's domestic intelligence service, warned that Germany would face escalating attacks across multiple domains due to its provision of military aid, sanctions against Russia, and economic support to Ukraine. The Federal Office for the Protection of the Constitution (BfV) had intensified warnings in March 2022 about cyber operations linked to Russian military intelligence, specifically referencing the Ghostwriter campaign that used compromised Ukrainian military email accounts to conduct phishing attacks against European politicians. While no disruptive activities had yet originated from the newly identified domain dienste-email.eu at the time of reporting, German intelligence agencies monitored it as a potential threat vector. Security officials also expressed concerns about non-cyber hybrid threats, including possible terrorist infiltration of refugee flows and low-intensity actions designed to sow public uncertainty and destabilize societal institutions.