All it took was for a specially modified email to arrive in Outlook from Microsoft. The recipient didn’t even have to read it, let alone click on anything in it or open an attachment. Nevertheless, its authors subsequently obtained highly sensitive credentials and were able to steal information.
Cyber attacks on Czech authorities or companies are not unusual. But now – for the first time in history – the Ministry of Foreign Affairs has pointed to Vladimir Putin’s government as the culprit. After the Babis government’s statement in April 2021 that the Russian GRU was behind the explosions in Vrbětice, Fial’s government has now publicly attributed cyber attacks on the Czech Republic to Russia as well.
It thus stood by the side of the German government, which simultaneously announced on Friday that the Russian secret service GRU was also behind the attack on the German governing Social Democracy (SPD) and other targets in the field of weapons, logistics and aviation. List Reports, based on sources in the security community, provide details of the Russian hacking operation.
In the Czech Republic, the Security Information Service and Military Intelligence worked to uncover the attack. And according to two Seznam Zpráv sources from the security community, Russian intelligence officers targeted dozens of institutions – for example, in the field of security or energy.
A group of experts known as APT28 is behind the operation, according to sources. Even American investigators previously identified it as Unit 26165 of the Russian secret service GRU. That is, the same military intelligence that is behind the explosions in Vrbětice.
Lukáš Kintr, director of the National Office for Cyber Security, also confirmed for Seznam Zprávy that it is the aforementioned GRU group.
“Our national analyzes clearly point to the state-sponsored group APT28 as a source of cyber attacks and long-term harmful effects against Czech state institutions,” Seznam Zprávám said. “There is no doubt about the involvement of the Russian military intelligence GRU in the activities of this group. This deliberate, irresponsible and highly damaging activity by Russia was intended to seriously threaten the security and stability of our country, and I am pleased that we were able to uncover and attribute it.”
“Together with other state security forces and when compared with the knowledge of our foreign allies, we reached the same conclusions as Germany,” he added.
Lipavský: They have been doing it for a long time
According to the Ministry of Foreign Affairs, APT28 has a long-term focus on the Czech Republic.
“Russia has been trying to subvert the democracy and security of the Czech Republic in various ways for a long time. We have many examples: the explosion in Vrbětice, the Voice of Europe influence operation or cyber attacks. Czech diplomacy will always defend the Czech Republic against Russian imperialism. Publicly pointing the finger at a specific attacker is an important tool for protecting national interests,” said Foreign Minister Jan Lipavský (Pirates).
One of the attacks exploiting a previously unknown security vulnerability in the program for sending e-mails was previously pointed out by Ukrainian experts. Microsoft fixed it a year ago. At the same time, however, he stated that it had been used against sensitive targets since at least April 2022, i.e. shortly after the Russian invasion of Ukraine.
“In the context of the upcoming European elections, national elections in a number of European countries and the ongoing Russian aggression against Ukraine, these actions are particularly serious and condemnable. We call on the Russian Federation to stop these activities,” the Chernin Palace said in a statement. The Czech Republic also requested support at the EU and NATO level.
“We are determined to strongly react to this unacceptable behavior together with our European and international partners,” added Czech diplomacy.
Coordination with the German government
At the same time, Czech diplomacy is proceeding in coordination with the German government. German Foreign Minister Annalena Baerbock threatened Russia during her visit to Australia.
“Russian state hackers attacked Germany in cyberspace,” said Germany’s foreign minister, who said an investigation led by her office clearly showed that a group was behind the attack APT28, which is controlled by the GRU. “This is completely unacceptable and will not go without consequences,” she warned.
The EU already sanctioned two Russians in 2020 in connection with the hacker attack on the German parliament.
Whether the GRU was successful in its hacking operation in the Czech Republic and gained access to internal government information is not public. As well as whether the Czech security forces know the full scope of the operation.
“It is not easy to assess the real-world impact of the attack, as no user interaction was required for its success,” said one of Seznam Správ’s sources in the security community.
BIS counterintelligence, which repeatedly draws attention to Russian hybrid operations in its public annual reports, did not comment on the case when asked by Seznam Zpráv. Spokesman Ladislav Šticha only confirmed in general terms that she participated in the revelation.
APT28
- A hacker group also known as Fancy Bear is a notorious attacker against Western targets. At the same time, it is proceeding in accordance with the interests of the Russian government.
- APT28 experts attribute the attacks to the German parliament, the French television station TV5Monde, the White House, NATO, the Organization for Security and Cooperation in Europe and the campaign of presidential candidate Emmanuel Macron.
- The group became known for attacking the emails of members of the Democratic Party, which was intended to help Donald Trump during the 2016 US presidential election.
Tags: Hacker attack time Czech Republic pointed Russian secret service
-
