Explainer

Germany recalls ambassador to Russia over cyberattacks

Germany was targeted by two of the largest global cyberattacks by throughput and bandwidth last year. Alex Blair reports.

German ambassador to Russia Alexander Graf Lambsdorff was recalled from Moscow. Credit: Sefa Karacan / Getty Images

Aseries of cyberattacks targeting Germany’s politicians, tech and defence industries has prompted Chancellor Olaf Scholz to recall the German ambassador to Russia, with Berlin blaming Moscow for the hacks. 

Ambassador Alexander Graf Lambsdorff has reportedly been called back for “consultations” and will stay in Berlin for a week before returning to Moscow. 

German Foreign Minister Annalena Baerbock described the attack as “a state-sponsored Russian cyberattack”, saying it was “absolutely intolerable and unacceptable and will have consequences”. 

APT28, the hacker group allegedly responsible, has links to Russian military intelligence. The UK’s National Cyber Security Centre (NCSC) describes APT28 as “a highly skilled threat actor” that uses “tools including X-Tunnel, X-Agent and CompuTrace to penetrate target networks”. 

Cyberattacks and Russia’s invasion of Ukraine go hand in hand. 

This spate of cyberattacks on Germany proceeded Scholz’s decision to send Leopard 2 battle tanks to the Ukrainian frontlines last year. 

On Wednesday (8 May), the UK expelled the Russian defence attaché, allegedly an “undeclared military intelligence officer”, in response to what the Home Office called a “pattern of alleged Russian malign activity across the UK and Europe”. 

Why has Germany been so heavily targeted by cyberattacks?

News of Berlin’s ambassador recall comes amid revelations that Germany was the target of the two largest cyberattacks in 2023, according to a recent report by cybersecurity experts NetScout. 

On 17 November, German servers were hit by 2023’s largest attack by throughput (334Mpps) across multiple vectors. 

A month later, on 24 December, Berlin toiled to repel the year’s largest attack by bandwidth (1.096Tbps), the report says. 

“Germany has always been one of the more heavily targeted European countries,” Richard Hummel, threat intelligence lead at NetScout, tells Army Technology. 

“Whether that is due to a larger network footprint, ongoing cyber disputes, or just generally more users targeting users is unknown at this time.” 

German Defence Minister Boris Pistorius (left), President Frank-Walter Steinmeier (centre) and Ukrainian Ambassador to Germany Oleksii Makeiev (right) unveil a German Leopard 1A5 main battle tank at a military training centre for Ukrainian crews on 23 February near Klietz, Germany. Credit: Sean Gallup / Getty Images

While the global number of cyberattacks rose significantly last year, Berlin has long faced more than its fair share. Germany is Russia’s main adversary in Europe – and the most generous European supplier of military aid to Ukraine. 

Such behaviour has drawn the ire of pro-Kremlin cybergangs including NoName057, Killnet, Anonymous Sudan and Russian Cyber Army Team. 

Hummel, however, believes Germany successfully handled these large attacks. “Terabit attacks are no longer a rarity and happen quite frequently, as do high throughput attacks like the one seen in Germany,” he says. 

This is merely the latest indication of prevalent cyber warfare committed by Russia across Europe. On 6 May, the Czech Republic summoned the Russian ambassador because of hacks on Czech institutions and critical infrastructure.  Hours later, a major hack on payroll data at the UK Ministry of Defence was also revealed, with China the main suspect. 

Data shows Sweden’s hard-fought accession to Nato in March came with a sharp spike in cyberattacks, while the election of pro-EU Prime Minister Donald Tusk in Poland prompted a wave of Kremlin-affiliated hacks last December. 

Nato and EU member states will look to bolster cybersecurity defences as Moscow and other “malign actors” continue to launch barely traceable cyberattacks through digital domains.