Cyber Attacks on Parliamentarians: Government criticizes Russia
The upcoming German "Bundestagswahl" (parliamentarian Election) was shocked once more, for it has been the third time it was a victim of cyber-attacks. National intelligence and security agencies are reporting numerous foreign intelligence agency attacks on German parliamentarians.
The German federal government is formulating concrete accusations against hacker groups with alleged ties to Russia which have been suspects of said cyber-attacks. Findings and insights have been uncovered that tie the Ghostwriter group and their activities to the Russian government and specifically the military intelligence agency GRU, so a speaker of the German State Department.
The attacks against parliamentarians of the Union and SPD political parties were, according to the German Federal Office for Information Security (BSI), phishing attacks against business and private email accounts. Foreign intelligence agencies could use acquired credentials to send out fake information in the name of the victims.
The phishing-attacks have been categorized as trustworthy looking emails which contain malicious attachments or links to malicious websites, and ultimately transfer Malware and Spyware onto the smartphones and computers of the victims.
The special German letters "Ä", "Ü" and "Ö" were the real heroes of the story. Due to an incorrect encoding which displayed the letter "ü" in the word "Büro" (= office) as a question mark (= ?), it was quickly discovered that the emails were in fact fake.
DriveByte provides consultation services specialized in schooling employees and raising the awareness for cyber security in general. Our consultants help your IT-Security team in creating and executing phishing-campaigns to sensitize employees to the topic of phishing and fake emails and help protect them from real future attacks. On top of that, we provide our customers a free individual and tailored Phishing-Policy that covers detection, reporting and response of/to phishing attacks. Get in touch to learn more about our Anti-Phishing-Program in a non-binding and free consultation.