On June 1, 2024, one week before European parliamentary elections, Germany’s largest opposition party was forced to temporarily take part of its IT infrastructure offline after it fell victim to a “serious” cyberattack. In response, the German Federal Office for Information Security (BSI) and the Federal Office for the Protection of the Constitution (BfV) increased protective measures to prevent further damage, issued warnings to all other political parties, and launched an investigation. Officials eventually attributed the attack to APT28, a hacking unit also known as Fancy Bear directed by Russia’s military intelligence service (GRU). Authorities refused to provide details regarding the extent of the breach but later confirmed that party head Friedrich Merz was amongst those affected. The hackers apparently took advantage of vulnerabilities in the security software “Check Point”.
Russia hacks Germany’s largest opposition party (CDU)