Cyber Incident Victim: Sozialdemokratische Partei Deutschlands
Date:
May 2022
Location:
Germany
Summary
Russian hackers conducted DDoS attacks targeting German government websites, including those of the defense ministry, parliament, federal police, and state police authorities, as well as the SPD's site associated with Chancellor Olaf Scholz, causing temporary disruptions. The group Killnet claimed responsibility via Telegram, with German authorities assessing the attacks as retaliation for weapons deliveries to Ukraine. Officials characterized the incidents as technically unsophisticated and manageable with standard defenses but warned of escalating cyber threats against critical infrastructure due to Germany's support for Ukraine. Security agencies anticipated increased attack intensity across multiple fronts, emphasizing risks to public confidence and potential destabilization through cyber operations and other disruptive tactics.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On or around May 1, 2022, Russian hacker group Killnet conducted distributed denial-of-service (DDoS) attacks against multiple German government websites, temporarily rendering them inaccessible. The attacks targeted federal institutions including the German Defense Ministry, the Bundestag (federal parliament), and federal police systems, along with several state police authorities. The official SPD website of Chancellor Olaf Scholz was also confirmed among the affected entities. Killnet publicly claimed responsibility for these attacks via Telegram messaging channels. Security assessments cited in reporting attributed the attacks to retaliation for Germany’s military support to Ukraine, specifically weapons deliveries. The Bundesamt für Sicherheit in der Informationstechnik (BSI), Germany’s federal cybersecurity agency, characterized the DDoS incidents as technically unsophisticated, noting such attacks could be effectively mitigated using standard defensive technologies.
German authorities had anticipated increased cyber aggression due to geopolitical tensions. Federal Interior Minister Nancy Faeser (SPD) had previously warned of elevated cyberattack risks targeting German businesses and critical infrastructure, citing ongoing malicious activities probing for vulnerabilities to install malware. In response, Germany had reportedly intensified protective measures prior to the May incidents. Stephan Kramer, president of Thuringia’s domestic intelligence agency, projected further escalation of cyberattacks against Germany, linking the trend to Berlin’s expanded support for Ukraine through sanctions, economic aid, and arms transfers. He cautioned that even limited cyber operations could induce public uncertainty or destabilization. The Federal Office for the Protection of the Constitution (BfV) had heightened warnings in March 2022 about Russian state-aligned cyber threats, specifically referencing the GRU-linked Ghostwriter campaign, which had previously targeted German email systems with phishing attacks mimicking Ukrainian military accounts. While no direct technical connection between Ghostwriter and the May DDoS attacks was asserted in available reporting, BfV alerts emphasized Russia’s persistent cyber reconnaissance against German political and infrastructure targets.