The Russia connectionGermany Urges EU to Impose Cyber Sanctions on Russia for Bundestag Hacking

Published 14 July 2020

The German government has made an official proposal to the European Union to impose sanctions on Russian individuals behind a broad hacking of the Bundestag five years ago. If the EU accepts the German proposal, it would be the first use of an EU cyber sanctions regime which was adopted by the organization in 2017, but which is yet to be used.

The German government has made an official proposal to the European Union to impose sanctions on Russian individuals behind a broad hacking of the Bundestag five years ago.

If the EU accepts the German proposal, it would be the first use of an EU cyber sanctions regime which was adopted by the organization in 2017, but which is yet to be used.

New Europereports that the German intelligence services have evidence that the GRU, Russia’s military intelligence branch which orchestrated the effective Kremlin 2016 effort to help Donald Trump win the November presidential election, was responsible for the 2015 network hacking in which Russian government hackers siphoned off more than 16 gigabytes of data, documents, and emails from Bundestag’s IT network, including thousands of emails from Angela Merkel’s Bundestag office. 

It was the largest cyber hacking ever carried out against the Bundestag.

In May, Germany’s attorney general issued an international arrest warrant against Russian citizen Dmitry Badin, who is “strongly suspected of being responsible” for the attack and who is a “member of the group APT28,” the response to the inquiry said.

To maintain deniability, the Kremlin often contracts its hacking and active measures (that is, influence campaigns carried on social media) efforts to “private” organizations such as the APT28 hacking group, and the St. Petersburg-based Internet Research Agency. In the case of the hacking of the Bundestag, however, hackers who work directly for the GRU worked alongside hackers from APT28.

On 3 June 2020, the German government “substantiated sanction proposals within the EU framework by presenting a comprehensive package of evidence based on the results of German investigative authorities and on intelligence information as well as publicly available sources,” the government spokesperson said.

Following an earlier investigation from Germany’s Federal Prosecutor General, Chancellor Angela Merkel had made reference to “hard evidence” of Russian involvement in an “outrageous” operation. 

In 2017, the European Council developed a framework for a joint EU diplomatic response to malicious cyber activities, known as the “EU Cyber Diplomacy Toolbox.”

Analysts note that the EU cyber response framework is aimed “at individuals or groups, not states,” the German government stressed in its response.

In its notification to the EU, Germany said that “The federal government assumes that a danger continues to emanate from the originator” (of the 2015 attack).