Cyber Incident Victim: Bavaria
Date:
May 2022
Location:
Germany
Summary
Russian hackers conducted DDoS attacks targeting German government and political websites, temporarily disrupting access to entities including the defense ministry, parliament, federal police, and the chancellor's party site. The group Killnet claimed responsibility via Telegram, citing retaliation for German weapons deliveries to Ukraine. Authorities assessed the attacks as technically unsophisticated and manageable with standard defenses, though officials warned of escalating cyber threats linked to Germany's support for Ukraine. Security agencies highlighted ongoing risks to critical infrastructure and potential destabilization efforts, noting prior connections between similar phishing campaigns and Russian military intelligence operations.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On or around May 1, 2022, Russian hackers conducted distributed denial-of-service (DDoS) attacks against multiple German government websites, temporarily rendering them inaccessible. The attacks targeted federal entities including the German Defense Ministry, the Bundestag (federal parliament), the Federal Police, and several state police agencies. The website of Chancellor Olaf Scholz’s Social Democratic Party (SPD) was also affected. The Russian hacker group Killnet claimed responsibility for the attacks via Telegram, characterizing them as retaliation for Germany’s military support to Ukraine, including weapons deliveries. German authorities, citing technical assessments, noted the attacks were not highly sophisticated and could be mitigated using standard defensive technologies. The Federal Office for Information Security (BSI) acknowledged the incidents but declined to provide detailed commentary.
The attacks occurred amid heightened warnings from German security officials about escalating cyber threats linked to Russia’s invasion of Ukraine. Federal Interior Minister Nancy Faeser had previously emphasized the persistent risk of cyberattacks targeting German critical infrastructure and businesses, noting efforts to bolster defensive measures. Stephan Kramer, president of Thuringia’s domestic intelligence agency, warned that Germany’s expanded support for Ukraine—including sanctions, economic aid, and arms shipments—would likely provoke further Russian aggression across multiple fronts, including cyber operations. He predicted intensified attacks against German infrastructure in subsequent weeks. The Federal Office for the Protection of the Constitution (BfV) had earlier escalated alerts in March 2022 regarding cyber campaigns attributed to Russian military intelligence (GRU), citing phishing attacks against European politicians using compromised email accounts of Ukrainian military personnel. These activities were linked to the "Ghostwriter" campaign, previously associated with GRU by German authorities. The BfV also identified a newly registered domain (dienste-email.eu) potentially tied to Ghostwriter, though no active attacks using it had been observed at the time. Officials underscored concerns that even limited cyber intrusions could amplify societal instability, particularly when combined with other hybrid threats such as potential terrorist infiltration of refugee flows.