On March 26, 2021, hackers likely affiliated with Russia’s military intelligence service (GRU) targeted seven members of the German federal parliament, the Bundestag, and 31 state legislators with phishing emails, according to German authorities. The credential theft activity targeted politicians belonging to the Christian Democratic Union (CDU), the political party of Chancellor Angela Merkel, and the Social Democratic Party (SDP). FireEye reports that UNC1151, a state-sponsored cyber actor that uses malware and credential theft tactics, is likely behind the attack. Additionally, FireEye concluded that the attack was a part of a broader influence campaign called Ghostwriter, which has involved attacks in Lithuania, Latvia, and Poland since 2017 and is aligned with Russian security interests. Historically, the campaign has utilized fake email accounts and junk news sites to spread anti-NATO sentiment and false narratives.