German authorities thwarted a cyberattack on a data service provider used by federal agencies and pushed back on a report that a broad assault targeted critical infrastructure and banks.
The attempt was quickly dealt with and impact on service was “very marginal,” Interior Ministry spokesman Steve Alter told reporters on Wednesday, adding that it was likely criminally motivated.
He was queried about a report by Bild newspaper, which cited unidentified intelligence sources saying that a hacker group linked to the Kremlin had carried out an attack on German infrastructure and the country’s banking system.
Bild identified the group as “Fancy Lazarus” after earlier referencing “Fancy Bear,” a group controlled by Russia’s GRU military intelligence agency that was behind the hacking of Hillary Clinton’s staff before the 2016 election, according to a 2018 U.S. Department of Justice indictment.
Authorities haven’t detected an increase in cyber activities in recent days, Alter said.
Germany’s BSI Federal Cyber Security Authority denied the report on Twitter and said that the agency had no knowledge of the attack, which Bild said may be revenge for international sanctions leveled on Russia and Belarus.
Das BSI dementiert Medienberichte zu vermeintlichen Cyber-Angriffen auf #KRITIS und Banken. Wir haben derartige Angriffe nicht bestätigt. Es liegen derzeit auch keine Hinweise auf derartige Angriffe vor. #infosec #CyberSecurity #DeutschlandDigitalSicherBSI
— BSI (@BSI_Bund) June 30, 2021
Proofpoint Inc., a cybersecurity firm, said this month in its blog that Fancy Lazarus previously identified themselves as Fancy Bear and has been involved in an increasing number of so-called distributed denial-of-service attacks, including against the energy, financial and insurance industries. Such attacks attempt to overload systems by flooding the target with superfluous requests from multiple sources.
Proofpoint said there was no known connection to the Fancy Bear group that has been labeled an advanced, persistent threat.
Spokespeople for Deutsche Bank AG and Commerzbank AG and for lobby groups for savings, cooperative and private lenders said they were looking into the report. Germany’s BaFin financial regulator and the European Central Bank didn’t immediately respond to requests for comment.
With elections looming in September and Chancellor Angela Merkel poised to step aside, German authorities are on the alert for the potential for interference from Russia, both in terms of cyberattacks on infrastructure as well as disinformation campaigns.
The Green party’s chancellor candidate, Annalena Baerbock, has become a target given her strong opposition to the almost-completed Nord Stream 2 pipeline that would channel gas from Russia to Germany.
Russia has repeatedly denied state involvement in hacking. President Vladimir Putin told reporters after his summit with U.S. President Joe Biden this month that the two sides had agreed to “start consultations” on cybersecurity, adding that the sides should “discard all conspiracy theories” about attacks.
After cyberattacks in the U.S. linked to Russia in December, Kremlin spokesman Dmitry Peskov rejected allegations of Russian involvement, saying “there’s no need to immediately blame the Russians for everything without basis.” Peskov didn’t immediately respond to a request to comment.
By Patrick Donahue and Jake Rudnitsky–Bloomberg Mercury