The European Union is getting ready to slap sanctions on a group of Russian hackers, according to three diplomats involved — a move that would mark a turning point in the blocs efforts to address foreign hacking.
The sanctions, expected later this year, come after the German government announced it “had evidence” tying members of a Russian hacking group to the cyberattack on the Bundestag in 2015.
Diplomats gathered physically Wednesday in Brussels to discuss the Bundestag hack and whether they should respond using a new cyber sanctions regime.
European countries have weighed sanctioning foreign nationals and entities involved in hacking for months, but talks were mired in secrecy as governments weighed their options. That changed when Chancellor Angela Merkel — previously reluctant to chide Russia over hacking — said last month that Berlin could not “simply ignore” an “outrageous” attack, and her government called for an EU response.
“This is a violation of Germanys sovereignty. Thats a big deal, and thats what theyre signaling,” said Chris Painter, former chief U.S. cybersecurity diplomat under President Barack Obama.
Germanys effort to bring a European response marks the first serious test of the blocs sanctions regime.
Berlins embrace of sanctions is likely to convince other EU countries to move forward, experts said.
Capitals “may want to use this occasion to demonstrate that similar attacks against any member state are significant enough to merit sanctions,” said Patryk Pawlak, executive officer at the EU Institute for Security Studies, the in-house think tank of the Council of the European Union.
“It would be a clear signal for others to stay away from our political institutions,” he added.
Berlins line in the sand
The immediate target of Berlins ire is Dmitry Badin, a 29-year-old prolific hacker who is also on the U.S. Federal Bureau of Investigations wanted list for his involvement in the hacking of the 2016 presidential election.
A spokesperson for the German foreign ministry said in a statement last week that Badin is “strongly suspected” of being behind the Bundestag hack, and German prosecutors have issued an arrest warrant for him.
“There are strong indications that he was a member of the [Russian] GRU military intelligence service at the time of the attack,” the spokesperson added. The GRU intelligence service includes the notorious hacking group known variously as APT28, Sofacy and Fancy Bear that Badin is suspected to be part of.
When the attack took place in May 2015, the German parliaments computers went dark, and the chamber was later forced to rebuild its entire security system from scratch.
While it remains unclear what data was compromised, the brazenness of the attack and the symbolism of its target have made it a cause célèbre in Germany.
“This is something thats very dear to Merkel,” said Julia Schuetze, a researcher at the Berlin-based think tank Stiftung Neue Verantwortung, said. “She herself was affected, and so were other members of parliament.”
Berlins effort to seek retribution follows years of frustration over Russian hacking as intelligence agencies and cybersecurity firms increasingly tied major attacks to the Kremlin.
In February, a group of European countries and members of the “Five Eyes” intelligence community called out Russias intelligence service for launching a “totally unacceptable” cyberattack on networks of Georgias government, courts and other organizations.
That same month, French President Emmanuel Macron told a crowd of security officials in Munich that Russia “will remain a country that tries to intervene” in European elections, and that EU nations “need to be quick in our reaction” and “agree on sanctions.”
Already in 2018, Western governments criticized Russia over a series of high-profile cyberattacks, including one on Dutch soil against the Organization for the Prohibition of Chemical Weapons, while the U.K. and the U.S. have said that Moscow was “almost certainly responsible” for the global outbreak of NotPetya ransomware that caused billions of euros in damages.
Pandemic halted earlier sanctions
Germanys effort to bring a European response marks the first serious test of the blocs sanctions regime, which entered into force in May 2019. So-called restrictive measures like asset freezes and travel bans require the unanimous consent of all EU countries — a difficult hurdle to overcome.
Talks about using the new sanctions against the Russian hacking group started months ago, with cyber diplomats close to agreeing on sanctions against Russian and Chinese entities just before the coronavirus outbreak in Europe, Bloomberg reported.
But the pandemic disrupted the process, three diplomats involved in the talks told POLITICORead More – Source
[contf] [contfnew]
politico
[contfnewc] [contfnewc]