Cyber Incident Victim: Bundestag
Date:
Jan 2015
Location:
Germany
Summary
A pro-Russian hacker group known as CyberBerkut conducted a distributed denial of service (DDoS) attack targeting German government websites, including the Bundestag, causing significant downtime. The group claimed responsibility through an online statement, denouncing German financial and political support for Ukraine's government amid the ongoing conflict in eastern Ukraine. CyberBerkut, which has previously leaked communications between Ukrainian and U.S. military entities, framed the attack as opposition to Western assistance for Kyiv. German authorities acknowledged the incident as a serious external attack and implemented countermeasures to restore services. The incident coincided with planned diplomatic talks between German and Ukrainian leadership regarding economic cooperation.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On January 7, 2015, a distributed denial-of-service (DDoS) attack disrupted access to multiple German government websites, including the official site of Chancellor Angela Merkel’s government seat and the legislative body Bundestag. The pro-Russian hacking group CyberBerkut claimed responsibility for the attack, posting a statement on their website accusing Ukrainian Prime Minister Arseny Yatsenyuk of seeking financial assistance from the EU and International Monetary Fund to prolong the war in eastern Ukraine rather than rebuild the country. The group demanded Germany cease political and financial support for Ukraine’s government, which they labeled a "criminal regime." The attack coincided with preparations for a meeting between Merkel and Yatsenyuk scheduled for the following day in Berlin to discuss economic cooperation. Both targeted websites remained inaccessible as of 8:50 a.m. EST on the day of the attack.
The DDoS attack overwhelmed servers by flooding them with millions of requests from global internet signatures, a technique consistent with CyberBerkut’s previous activities. German government spokesman Steffen Seibert confirmed the incident as a "serious attack clearly caused by a multitude of external systems" but refrained from attributing blame. Countermeasures were implemented to mitigate the attack, though specific technical details were not disclosed. CyberBerkut had previously targeted Ukrainian institutions, notably hacking and publishing correspondence between Ukrainian and U.S. military officials, including documents related to Ukraine’s request for funding to participate in U.S.-led military exercises. The group’s online presence, including posts in English and Russian, suggested operational ties to eastern Ukraine’s ethnically Russian regions. The attack occurred against the backdrop of ongoing conflict in eastern Ukraine, where over 5,000 people had died in clashes between pro-European government forces and Russia-aligned separatists. Western nations had accused Russia of direct involvement in the conflict, allegations Russia denied.