A cyber attack targeted the German Air Traffic Control Agency (DFS), as reported by Spiegel and European Truth. DFS, based in Langen near Frankfurt, confirmed that attackers breached its office connection but confirmed that air traffic was not impacted.
“Our office connection was hacked, and we are now taking protective measures.” DFS is working to minimise the consequences of the incident.” a spokesperson for DFS said on 1 September.
DFS immediately reported the attack to national security authorities. Cybersecurity experts linked the attack to the Russian nation-state actor APT28 which was responsible for the 2015 attack on the Bundestag.
The APT28 group (aka Fancy Bear, Pawn Storm, Sofacy Group, Sednit, BlueDelta, and STRONTIUM) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. The group was involved also in the string of attacks that targeted 2016 Presidential election.
The group operates out of military unity 26165 of the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS).
In May, Germany temporarily recalled its ambassador to Moscow following a state-sponsored Russian cyberattack that targeted members of its ruling party.
DFS did not share details about the security breach.
The attacks, aimed at German Social Democratic Party, defense, aerospace companies, began two years ago and were linked to the Russian hacker group APT28, which exploited a vulnerability in Microsoft Outlook to hack email accounts. On May 3, the EU and NATO condemned Russia’s cyber campaign against Germany and the Czech Republic, while NATO expressed solidarity with both countries in response to the attacks.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, German air traffic control)