Germany has not been affected by cyberattacks that can be traced back to Russia, the government has confirmed, despite other EU countries experiencing a sharp increase. However, this may be due to how Germany defines such attacks. EURACTIV Germany reports.
Since Russia invaded Ukraine on 24 February, Germany has not yet become the target of cyberattacks that can be demonstrably attributed to Russian sources, the government confirmed following a question from the conservative CDU/CSU parliamentary group on Wednesday (4 May).
While this may appear surprising, details are crucial when interpreting such data, Sven Herpig, head of international cybersecurity policy at the think tank Stiftung Neue Verantwortung, has said.
“Just because nothing else is known does not mean that there were no incidents. But these may not be accurately attributed,” Herpig told EURACTIV.
The current situation suggests Russia is instead focusing on Ukraine with cyber operations, said the expert, adding that countries have different ways of measuring cyberattacks.
The Romanian example
The number of cyberattacks in Romania has increased exponentially, rising from 100 per day at the end of February to 11,414 on 3 May, according to figures from the country’s National Directorate for Cyber Security.
“The reported cyberattacks were mainly DDoS attacks. The severity levels are low and almost none were successful,” a spokesperson of the national cybersecurity body told EURACTIV.
Such DDoS attacks, in which artificial overloads make the attacked websites inaccessible, are relatively easy to carry out and only require a low level of technical expertise – something that is reflected in €80-€1,500 per month such attacks can be purchased for on the darknet, the German criminal police office wrote in a report for 2020.
Romania’s cybersecurity body also recorded disinformation and fake news as cyber attacks. “So this is a purely quantitative listing,” according to Herpig.
To determine whether cyberattacks are linked to Russia’s war in Ukraine, relevant national cybersecurity authorities match IP addresses with threat patterns used by actors who engage in Russia’s war via cyber actions, a spokesperson of Romania’s cybersecurity body told EURACTIV.
“One of the cyber-crime groups responsible for the DDoS attacks initially claimed responsibility for the attacks on its Telegram account, justifying them by Romania’s support for Ukraine in the ongoing conflict,” the spokesperson added.
According to information provided by Romania’s cybersecurity body, the group has also targeted NATO and countries like the Czech Republic, Moldova, Lithuania, and Germany.
A matter of interpretation
However, it is often difficult to say how Germany classifies an attack as “related to the Russian invasion”, as this is decided by various cyberdefence agencies that cooperate with each other.
To determine whether attackers play or have played a role in Russia, investigations are carried out in cooperation with the Federal Office for Information Security (BSI), said Herpig.
“But there is no fixed framework here, it’s a matter of interpretation,” Herpig added.
[Edited by Nathalie Weatherald]