Healthy processed event from Hybrid War Tracker
Headline: Cyberattacks Target German Bundeswehr Suppliers with Russian Links Investigated
Short Summary: In June 2025, German media sources WDR, NDR, and Süddeutsche Zeitung reported two significant cyber incidents targeting Bundeswehr suppliers. A Hessian satellite communication contractor experienced a ransomware attack potentially compromising confidential Bundeswehr classified and operational data, although the Bundeswehr later assessed limited damage. Simultaneously, an engineering firm in Lower Saxony working on sensitive Bundeswehr infrastructure and operational defense plans was hacked, with unknown data losses. German law enforcement, including state criminal police in Hesse and North Rhine-Westphalia, conducts forensic investigations. Security sources attribute the attacks to Russian cybercriminals, possibly sharing tools with Russian state intelligence, reflecting blurred lines between crime and espionage. The Bundeswehr Cyber Security Center and Military Counterintelligence Office oversee defense and mitigation efforts. In parallel, the Bundeswehr has faced an increase in DDoS and phishing attacks since the 2022 Russian invasion of Ukraine, attributed to Russian APT groups like GRU-affiliated APT28. Chancellor Merz publicly acknowledged Russia's ongoing hybrid warfare campaign targeting Germany, characterized by espionage, sabotage, and extensive disinformation operations.
Extended Summary: In June 2025, German media sources WDR, NDR, and Süddeutsche Zeitung reported two significant cyber incidents targeting Bundeswehr suppliers. A Hessian satellite communication contractor experienced a ransomware attack potentially compromising confidential Bundeswehr classified and operational data, although the Bundeswehr later assessed limited damage. Simultaneously, an engineering firm in Lower Saxony working on sensitive Bundeswehr infrastructure and operational defense plans was hacked, with unknown data losses. German law enforcement, including state criminal police in Hesse and North Rhine-Westphalia, conducts forensic investigations. Security sources attribute the attacks to Russian cybercriminals, possibly sharing tools with Russian state intelligence, reflecting blurred lines between crime and espionage. The Bundeswehr Cyber Security Center and Military Counterintelligence Office oversee defense and mitigation efforts. In parallel, the Bundeswehr has faced an increase in DDoS and phishing attacks since the 2022 Russian invasion of Ukraine, attributed to Russian APT groups like GRU-affiliated APT28. Chancellor Merz publicly acknowledged Russia's ongoing hybrid warfare campaign targeting Germany, characterized by espionage, sabotage, and extensive disinformation operations.
In mid-June 2025, two German Bundeswehr suppliers were targeted by cyberattacks involving ransomware and hacking, with initial evidence pointing to Russian-affiliated groups. One attack hit a Hessian company providing satellite communication services to the Bundeswehr, potentially jeopardizing sensitive classified and operational data. Concurrently, a Lower Saxony engineering firm involved in Bundeswehr facility planning, including classified operational defense plans, was also breached. Ongoing IT forensic investigations and law enforcement probes are active, with suspicions of cooperation between Russian state actors and cybercriminal groups. The Bundeswehr's Cyber Security Center and Military Counterintelligence agencies are coordinating defense efforts amid increasing cyber threats, including more frequent DDoS and phishing attacks linked to Russian Advanced Persistent Threat (APT) groups such as APT28 (GRU). Chancellor Friedrich Merz confirmed Russia's hybrid warfare against Germany, citing espionage, sabotage, and disinformation campaigns.
The source explicitly attributes recent cyberattacks on Bundeswehr suppliers to Russian-linked hacker groups, outlines ongoing forensic and law enforcement investigations, and includes official statements from defense and government officials confirming the cyber threat and its Russian origin, supporting a high confidence classification of an aggressor cyber attack targeting military infrastructure.
Add a source URL for enrichment
Prefer one-click submissions? Install the HWT Chrome extension from the Web Store. Get extension .