Cyber Incident Victim: German Chancellor Angela Merkel

Date:

May 2015

Location:

Germany

Summary

German Chancellor Angela Merkel disclosed evidence of Russian state-sponsored hackers targeting her communications and government systems, including infiltration of her email accounts and the Bundestag. The attacks, attributed to the Sofacy group (APT 28) and a suspect also implicated in U.S. election interference, involved data theft and espionage. Merkel condemned these actions as part of Russia's broader strategy of cyber-disinformation, straining bilateral relations. She referenced potential sanctions and linked the cyber intrusions to other hostile acts, such as an assassination on German soil, underscoring ongoing diplomatic tensions and the challenge of maintaining dialogue with Moscow despite repeated provocations.

Description

In May 2020, German Chancellor Angela Merkel publicly confirmed that Russian hackers had targeted her personal communications, citing "hard evidence" of espionage attempts dating back to at least 2015. During a parliamentary address, Merkel revealed that attackers had successfully copied data from two of her email accounts containing correspondence spanning 2012-2015, an intrusion linked to a broader cyberattack on the Bundestag (German parliament) that same year. German intelligence services attributed the operation to the Sofacy group (also known as APT 28), a Russian-linked threat actor previously implicated in attacks against NATO members and the disruption of French television network TV5Monde. Merkel characterized these activities as part of Russia's strategic use of "cyber-disorientation" and factual distortion, expressing frustration that such actions persisted despite her diplomatic efforts to improve bilateral relations. Investigators identified a specific suspect, Dmitry Badin—a figure also wanted by the FBI for hacking Democratic Party systems during the 2016 U.S. presidential election—though the disclosure did not specify Badin's exact role in the German breaches.

The incident compounded existing tensions between Germany and Russia, occurring alongside investigations into the August 2019 assassination of a former Chechen commander in Berlin’s Tiergarten park, which German prosecutors attributed to Russian or Chechen state actors. Merkel explicitly linked the cyber intrusions to this physical attack, noting that both violated trust, and referenced prior diplomatic sanctions, including the expulsion of Russian diplomats, imposed following the murder. She warned that further punitive measures remained possible if cyber espionage continued, framing the hacking as part of a pattern undermining bilateral cooperation. The breach’s confirmation highlighted vulnerabilities in governmental communications infrastructure, particularly the compromise of high-level political correspondence, though no operational disruptions to parliamentary functions were detailed. Media reports indicated the 2015 Bundestag attack involved aggressive network infiltration methods, but specific technical details regarding malware deployment or data exfiltration techniques were not disclosed in Merkel’s public statements.
