The European Union (EU) and its Member States, in conjunction with international partners, have issued a strong condemnation of the malicious cyber campaign conducted by Russia-controlled Advanced Persistent Threat Actor 28 (APT28) against Germany and Czechia.
“Today, Germany has shared publicly its assessment on APT28 compromise of various e-mail accounts of the German Social Democratic Party executive. At the same time, Czechia announced its institutions have been a target of this cyber campaign,” the statement reads. It also mentions that state institutions, agencies, and entities in Member States, including in Poland, Lithuania, Slovakia, and Sweden, have been targeted by the same threat actor before. In 2020, the EU imposed sanctions on individuals and entities responsible for the APT28 attacks targeting the German Federal Parliament in 2015.
The statement highlights Russia’s continuous pattern of irresponsible behaviour in cyberspace, targeting democratic institutions, government entities, and critical infrastructure providers across the European Union and beyond. This behaviour is contrary to the UN norms of responsible state behaviour in cyberspace, such as impairing the use and operation of critical infrastructure.
“Disregarding international security and stability, Russia has repeatedly leveraged APT28 to conduct malicious cyber activities against the EU, its Member States, and international partners, most notably Ukraine,” the statement continues.
The EU has made it clear that it will not tolerate such malicious behaviour, particularly activities that aim to degrade critical infrastructure, weaken societal cohesion, and influence democratic processes. This is especially pertinent considering this year’s elections in the EU and in more than 60 countries around the world.
The statement concludes with a firm commitment from the EU and its Member States to continue cooperating with international partners to promote an open, free, stable, and secure cyberspace. The EU is determined to make use of the full spectrum of measures to prevent, deter, and respond to Russia’s malicious behaviour in cyberspace. This strong stance sends a clear message to all cyber threat actors: malicious activities will not be tolerated.
