In Germany, several media outlets and a chemical research organization were exposed to cyberattacks, Deutsche Welle reports , citing the Federal office for the Protection of the Constitution.
According to German intelligence services, a wave of attacks was carried out in order to allegedly commit espionage. Then intelligence services believe that the attacks carried out in August 2017 and June 2018, which are possibly on-going, were made by the Russian group of hackers called Sandworm.
This so-called “attack of spear phishing” was carried out with high accuracy against specific targets. Letters were sent via email on behalf of a trustworthy sender with an attached infected document in Word format. When a user opened it, a recommendation appeared asking to allow running macros. If the user gave such authorization, it provided the opportunity of surveillance of network infrastructure and the ability to control it. There is a possibility that besides the media companies and chemical organization, other enterprises were attacked as well.
According to the intelligence service, the highly-qualified technical and extremely aggressive group has operated since at least 2013. Among others, it is known for the attacks against energy facilities in Ukraine.
In June, the President of the Federal Office for the Protection of the Constitution, Hans-Georg Maassen, accused Russia of the large-scale cyberattack against German power grids and energy companies. The first signs of the attack appeared in summer 2017. Perpetrators tried to infiltrate internet networks of German energy suppliers, however, they managed to hack network infrastructures only in offices of several companies.
In December 2015, Ukrainian company Prykarpattyaoblenergo informed that hackers carried out an attack against its computer system, and as a result, 700 thousand residents of the Ivano-Frankivsk region were left without electricity. Apart from Prykarpattyaoblenergo, Kyivoblenergo, Chernivtsioblenergo, Khmelnytskoblenergo and Kharkivoblenergo were also exposed to cyberattacks. The American company iSight Partners specializing on cyber intelligence, found out that a Russian group of hackers Sandworm is involved in power outages.