
According to media reports, a malware attack has managed to disrupt the operations of parliamentary business in the German federal state of Saxony-Anhalt.

The problem at the Saxony-Anhalt Landtag appears to have started after a state parliament employee opened a malicious email attachment on Wednesday that proceeded to infect their PC.

The computer network of the parliament in the German state of Saxony-Anhalt is said to have been “crippled”, as employees and representatives have been told by the IT team to take their PCs and phones offline as a “contingency measure”.

Deutsche Welle describes the malware as a strain of ransomware, which – if true – might explain why the rest of the network has been taken offline as a precaution.

The most interesting question is, of course, was the Saxony-Anhalt state parliament specifically targeted by the malware attack, or did it just fall victim to a ransomware attack that had been spammed out to a large number of people?

If the malware was indeed ransomware then it would not fit the standard model of state-sponsored espionage – which is by its very nature stealthy, unlike the inherently “noisy” behaviour typical of ransomware.

Whatever the nature of the malware that hit the German state parliament, and the intentions of those who created it, we do know that German politicians are no strangers to being on the receiving end of malware attacks.

Earlier this year it was revealed that the German parliament had been attacked via a malvertising attack planted on the Jerusalem Post’s website.

The Sueddeutsche Zeitung newspaper claimed that at least 10 German lawmakers at the Bundestag were affected by the attack, although it feels to me that while hackers could have caused the Jerusalem Post to display German-language adverts to surfers from Germany, it would be an ineffective way to target specific politicians.

A much more serious incident occurred in 2015, when the Russian “Fancy Bear” hacking group (also known as APT28, Sednit, Sofacy and Strontium) was blamed for a six-month wave of Trojan attacks designed to gather intelligence and gain access to the Bundestag’s Parlacom network.

The Trojans managed to infiltrate the parliament’s network via an entry point that will be all too familiar to those of us tasked with protecting corporate networks: malicious files and dangerous links, often arriving via email.

At around the same time, it was claimed that a computer used by German Chancellor Angela Merkel in the lower house of parliament was amongst the first to be infected by a Trojan horse under the control of the Russian state-sponsored hackers.

The Fancy Bear group has also been widely blamed for a number of other hacks, including the high-profile 2016 breach of the United States Democratic National Committee as Hillary Clinton ran her ultimately unsuccessful presidential bid.


Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.