GRU hackers (aka Fancy Bear) have allegedly managed to access the emails of the constituency office of Chancellor Angela Merkel. Although this occurred five years ago, Der Spiegel has just reported on the incident. There have been no official comments from the German government yet, and with Merkel being still at the helm, the matter remains sensitive. On the other side, Moscow has flatly denied having hacked or attacked the German office in 2015, or at any other time. Der Spiegel hasn’t revealed its sources yet, so the story is somewhat "fluid" at the moment.
The piece claims that the hackers gained access to the Chancellor’s official computers that contained email messages from the MP office dating as far back as 2012. So, at the time of the access, the hackers could read the communications dating as far as three years before. The news outlet is even providing details such as the fact that initially, the hackers had trouble breaking into the systems because their keyboard layout wasn’t supporting umlauts. Moreover, the username that was utilized in the hack is “Scaramouche,” and the actor eventually managed to paralyze the IT system of the Chancellor’s office. In total, the hackers exfiltrated 16 GB of data, including thousands of emails from two addresses, as well as various other files that no one is sure about their contents.
The Federal Criminal Police Office (BKA) and the Federal Office for Information Security (BSI) have allegedly launched an investigation on the attack and seized 300 servers in 21 countries while trying to locate the stolen data and the actors. These operations remained a secret until today, and without official confirmations from either side, it is still a story of a disputed and even doubtful basis. Der Spiegel may produce more evidence or proof in the following days or weeks, as the particular publication is generally considered reliable. Moreover, “the Moscow Times” reported last week that prosecutors in Germany had issued an arrest warrant for Dmitry Badin, who is connected with the 2015 incident.
The same group of hackers is believed to have been those who accessed “Burishma Holdings” in January 2020, and also those who targeted the Tokyo 2020 Summer Olympics back in October 2019. The Fancy Bear, or APT28, is thought to have clear ties with the Russian government, as their motives are always revolving around cyber-espionage and political-level retaliation. They are not engaging in profit-seeking and money-stealing attacks, so they are most likely financially supported by their country.