{
	"id": "76908a64-f70f-47e8-937b-111ab18e7605",
	"created_at": "2026-04-06T00:13:14.685795Z",
	"updated_at": "2026-04-10T03:37:50.739032Z",
	"deleted_at": null,
	"sha1_hash": "9a7e89d6a80660333a903e457f1ed5fd8b9ff7b5",
	"title": "Russian hacking suspected",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 66858,
	"plain_text": "Russian hacking suspected\r\nBy Deutsche Welle\r\nPublished: 2016-09-20 · Archived: 2026-04-05 14:17:48 UTC\r\nThe three-way consortium comprising NDR and WDR public broadcasting and the \"Süddeutsche Zeitung\"\r\nnewspaper said Germany's political parties and their federal Bundestag parliamentary factions were recently\r\nbriefed by the BSI.\r\nArne Schönbohm, the president of the Bonn-based Federal Office for Information Security - as the BSI is known in\r\nEnglish - told the journalist team: \"There are indications that point to the APT28.\"\r\nThe BSI's Schönbohm urges Germany to ward off hackers (Image: picture-alliance/dpa/F. Gambarini)\r\nThe Advanced Persistent Threat or APT28, which is also known as the Sofacy Group, is the name given by\r\nwestern agencies, including Germany's BfV domestic intelligence agency, to an alleged cyber attack network close\r\nto Russia's secret services, GRU and FSB.\r\nSchönbohm said he had offered BSI help to the German parties so they could avoid future cyber attacks in the run-up to Germany's next federal election due in September 2017.\r\nSince last year, campaigns by APT28 have allegedly targeted NATO and knocked the French television station\r\nTV5Monde off the air.\r\nA second group called \"Sandworm\" allegedly deployed electronic malware last December to disable part of\r\nUkraine's power grid.\r\nAlarm after recent hacker bids\r\nThe German media consortium said German authorities were informed on September 7 that hacker attacks had\r\nbeen directed at federal parliamentarians of the center-left Social Democrats (SPD) and the post-communist Left\r\nparty, including its parliamentary group leader Sahra Wagenknecht.\r\nThe Left's Sahra Wagenknecht was allegedly a target (Image: picture-alliance/dpa/P. 
Endig)\r\nAlso targeted were \"Jungen Union,\" the youth wing of Chancellor Angela Merkel's conservative Christian\r\nDemocratic (CDU) party and CDU politicians in Saarland on Germany's border with France.\r\nIn so-called phishing attacks on emails on August 15 and 24, hackers had used false identities suggesting that the\r\nmessages were from NATO about the July coup attempt in Turkey and last month's earthquake in Italy's Umbria\r\nregion.\r\nThe Bundestag federal parliament had managed to avoid that attack, the consortium said, because it had already\r\nblocked access to malware after a previous scare in May.\r\nThe consortium said the recent attacks were being taken \"extremely seriously\" because authorities feared that\r\nsensitive information could be gathered by hackers to later manipulate the public ahead of elections.\r\nRussia 'very innovative'\r\nMarcel H. Van Herpen, who heads the Cicero Foundation, a Dutch think tank which advises the EU, wrote late\r\nlast month in the German parliamentary magazine \"APUZ\" that Russian \"disinformation\" had become \"very\r\ninnovative\" under President Vladimir Putin, a former KGB agent once stationed in communist East Germany.\r\n\"That relates to the extremely lavish budget for the propaganda work of the Kremlin, the far-reaching\r\nmodernization of the Russian propaganda machinery, the use of psychological know-how and the relative\r\nopenness of the Western media world\" to influence Western political decision-making, Van Herpen said.\r\nThe Dutch expert said a long-running subject at Russia's military academies was the Chinese method of \"Sunzi\" or\r\n\"the art of warfare\", developed around 500 BC, that used deception to erode resistance and defeat the\r\nenemy \"without having to fight a battle.\"\r\nHe advised Western governments to significantly raise their budgets for \"public diplomacy.\" These had 
been\r\nseverely trimmed over the past 10 years while Russia had \"constantly raised\" its funding for its \"propaganda\r\nmachinery.\"\r\nipj/kl (AP, dpa, AFP, ARD)\r\nSource: https://www.dw.com/en/hackers-lurking-parliamentarians-told/a-19564630",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MISPGALAXY",
		"Malpedia"
	],
	"references": [
		"https://www.dw.com/en/hackers-lurking-parliamentarians-told/a-19564630"
	],
	"report_names": [
		"a-19564630"
	],
	"threat_actors": [
		{
			"id": "8941e146-3e7f-4b4e-9b66-c2da052ee6df",
			"created_at": "2023-01-06T13:46:38.402513Z",
			"updated_at": "2026-04-10T02:00:02.959797Z",
			"deleted_at": null,
			"main_name": "Sandworm",
			"aliases": [
				"IRIDIUM",
				"Blue Echidna",
				"VOODOO BEAR",
				"FROZENBARENTS",
				"UAC-0113",
				"Seashell Blizzard",
				"UAC-0082",
				"APT44",
				"Quedagh",
				"TEMP.Noble",
				"IRON VIKING",
				"G0034",
				"ELECTRUM",
				"TeleBots"
			],
			"source_name": "MISPGALAXY:Sandworm",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "7bd810cb-d674-4763-86eb-2cc182d24ea0",
			"created_at": "2022-10-25T16:07:24.1537Z",
			"updated_at": "2026-04-10T02:00:04.883793Z",
			"deleted_at": null,
			"main_name": "Sandworm Team",
			"aliases": [
				"APT 44",
				"ATK 14",
				"BE2",
				"Blue Echidna",
				"CTG-7263",
				"FROZENBARENTS",
				"G0034",
				"Grey Tornado",
				"IRIDIUM",
				"Iron Viking",
				"Quedagh",
				"Razing Ursa",
				"Sandworm",
				"Sandworm Team",
				"Seashell Blizzard",
				"TEMP.Noble",
				"UAC-0082",
				"UAC-0113",
				"UAC-0125",
				"UAC-0133",
				"Voodoo Bear"
			],
			"source_name": "ETDA:Sandworm Team",
			"tools": [
				"AWFULSHRED",
				"ArguePatch",
				"BIASBOAT",
				"Black Energy",
				"BlackEnergy",
				"CaddyWiper",
				"Colibri Loader",
				"Cyclops Blink",
				"CyclopsBlink",
				"DCRat",
				"DarkCrystal RAT",
				"Fobushell",
				"GOSSIPFLOW",
				"Gcat",
				"IcyWell",
				"Industroyer2",
				"JaguarBlade",
				"JuicyPotato",
				"Kapeka",
				"KillDisk.NCX",
				"LOADGRIP",
				"LOLBAS",
				"LOLBins",
				"Living off the Land",
				"ORCSHRED",
				"P.A.S.",
				"PassKillDisk",
				"Pitvotnacci",
				"PsList",
				"QUEUESEED",
				"RansomBoggs",
				"RottenPotato",
				"SOLOSHRED",
				"SwiftSlicer",
				"VPNFilter",
				"Warzone",
				"Warzone RAT",
				"Weevly"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "730dfa6e-572d-473c-9267-ea1597d1a42b",
			"created_at": "2023-01-06T13:46:38.389985Z",
			"updated_at": "2026-04-10T02:00:02.954105Z",
			"deleted_at": null,
			"main_name": "APT28",
			"aliases": [
				"Pawn Storm",
				"ATK5",
				"Fighting Ursa",
				"Blue Athena",
				"TA422",
				"T-APT-12",
				"APT-C-20",
				"UAC-0001",
				"IRON TWILIGHT",
				"SIG40",
				"UAC-0028",
				"Sofacy",
				"BlueDelta",
				"Fancy Bear",
				"GruesomeLarch",
				"Group 74",
				"ITG05",
				"FROZENLAKE",
				"Forest Blizzard",
				"FANCY BEAR",
				"Sednit",
				"SNAKEMACKEREL",
				"Tsar Team",
				"TG-4127",
				"STRONTIUM",
				"Grizzly Steppe",
				"G0007"
			],
			"source_name": "MISPGALAXY:APT28",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "e3767160-695d-4360-8b2e-d5274db3f7cd",
			"created_at": "2022-10-25T16:47:55.914348Z",
			"updated_at": "2026-04-10T02:00:03.610018Z",
			"deleted_at": null,
			"main_name": "IRON TWILIGHT",
			"aliases": [
				"APT28 ",
				"ATK5 ",
				"Blue Athena ",
				"BlueDelta ",
				"FROZENLAKE ",
				"Fancy Bear ",
				"Fighting Ursa ",
				"Forest Blizzard ",
				"GRAPHITE ",
				"Group 74 ",
				"PawnStorm ",
				"STRONTIUM ",
				"Sednit ",
				"Snakemackerel ",
				"Sofacy ",
				"TA422 ",
				"TG-4127 ",
				"Tsar Team ",
				"UAC-0001 "
			],
			"source_name": "Secureworks:IRON TWILIGHT",
			"tools": [
				"Downdelph",
				"EVILTOSS",
				"SEDUPLOADER",
				"SHARPFRONT"
			],
			"source_id": "Secureworks",
			"reports": null
		},
		{
			"id": "ae320ed7-9a63-42ed-944b-44ada7313495",
			"created_at": "2022-10-25T15:50:23.671663Z",
			"updated_at": "2026-04-10T02:00:05.283292Z",
			"deleted_at": null,
			"main_name": "APT28",
			"aliases": [
				"APT28",
				"IRON TWILIGHT",
				"SNAKEMACKEREL",
				"Group 74",
				"Sednit",
				"Sofacy",
				"Pawn Storm",
				"Fancy Bear",
				"STRONTIUM",
				"Tsar Team",
				"Threat Group-4127",
				"TG-4127",
				"Forest Blizzard",
				"FROZENLAKE",
				"GruesomeLarch"
			],
			"source_name": "MITRE:APT28",
			"tools": [
				"Wevtutil",
				"certutil",
				"Forfiles",
				"DealersChoice",
				"Mimikatz",
				"ADVSTORESHELL",
				"Komplex",
				"HIDEDRV",
				"JHUHUGIT",
				"Koadic",
				"Winexe",
				"cipher.exe",
				"XTunnel",
				"Drovorub",
				"CORESHELL",
				"OLDBAIT",
				"Downdelph",
				"XAgentOSX",
				"USBStealer",
				"Zebrocy",
				"reGeorg",
				"Fysbis",
				"LoJax"
			],
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "d2516b8e-e74f-490d-8a15-43ad6763c7ab",
			"created_at": "2022-10-25T16:07:24.212584Z",
			"updated_at": "2026-04-10T02:00:04.900038Z",
			"deleted_at": null,
			"main_name": "Sofacy",
			"aliases": [
				"APT 28",
				"ATK 5",
				"Blue Athena",
				"BlueDelta",
				"FROZENLAKE",
				"Fancy Bear",
				"Fighting Ursa",
				"Forest Blizzard",
				"G0007",
				"Grey-Cloud",
				"Grizzly Steppe",
				"Group 74",
				"GruesomeLarch",
				"ITG05",
				"Iron Twilight",
				"Operation DealersChoice",
				"Operation Dear Joohn",
				"Operation Komplex",
				"Operation Pawn Storm",
				"Operation RoundPress",
				"Operation Russian Doll",
				"Operation Steal-It",
				"Pawn Storm",
				"SIG40",
				"Sednit",
				"Snakemackerel",
				"Sofacy",
				"Strontium",
				"T-APT-12",
				"TA422",
				"TAG-0700",
				"TAG-110",
				"TG-4127",
				"Tsar Team",
				"UAC-0028",
				"UAC-0063"
			],
			"source_name": "ETDA:Sofacy",
			"tools": [
				"ADVSTORESHELL",
				"AZZY",
				"Backdoor.SofacyX",
				"CHERRYSPY",
				"CORESHELL",
				"Carberp",
				"Computrace",
				"DealersChoice",
				"Delphacy",
				"Downdelph",
				"Downrage",
				"Drovorub",
				"EVILTOSS",
				"Foozer",
				"GAMEFISH",
				"GooseEgg",
				"Graphite",
				"HATVIBE",
				"HIDEDRV",
				"Headlace",
				"Impacket",
				"JHUHUGIT",
				"JKEYSKW",
				"Koadic",
				"Komplex",
				"LOLBAS",
				"LOLBins",
				"Living off the Land",
				"LoJack",
				"LoJax",
				"MASEPIE",
				"Mimikatz",
				"NETUI",
				"Nimcy",
				"OCEANMAP",
				"OLDBAIT",
				"PocoDown",
				"PocoDownloader",
				"Popr-d30",
				"ProcDump",
				"PythocyDbg",
				"SMBExec",
				"SOURFACE",
				"SPLM",
				"STEELHOOK",
				"Sasfis",
				"Sedkit",
				"Sednit",
				"Sedreco",
				"Seduploader",
				"Shunnael",
				"SkinnyBoy",
				"Sofacy",
				"SofacyCarberp",
				"SpiderLabs Responder",
				"Trojan.Shunnael",
				"Trojan.Sofacy",
				"USB Stealer",
				"USBStealer",
				"VPNFilter",
				"Win32/USBStealer",
				"WinIDS",
				"Winexe",
				"X-Agent",
				"X-Tunnel",
				"XAPS",
				"XTunnel",
				"Xagent",
				"Zebrocy",
				"Zekapab",
				"carberplike",
				"certutil",
				"certutil.exe",
				"fysbis",
				"webhp"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434394,
	"ts_updated_at": 1775792270,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/9a7e89d6a80660333a903e457f1ed5fd8b9ff7b5.pdf",
		"text": "https://archive.orkl.eu/9a7e89d6a80660333a903e457f1ed5fd8b9ff7b5.txt",
		"img": "https://archive.orkl.eu/9a7e89d6a80660333a903e457f1ed5fd8b9ff7b5.jpg"
	}
}