Signal
Submitted
Apr 28, 2026, 13:45 UTC
In September 2021, the German government condemned Russian GRU-linked cyberattacks on Bundestag members' emails using phishing to steal data or spread disinformation ahead of elections.
Ahead of the 2021 Bundestag elections, German parliamentarians were targeted for at least the third time by cyberattacks attributed to foreign intelligence services. The Federal Government specifically accused the Russian state military intelligence service GRU, linked to the 'Ghostwriter' group, of orchestrating phishing attacks against members of the Union and SPD parties to exfiltrate sensitive information or distribute false narratives. The attacks focused on private and official email accounts and used carefully crafted emails with malicious attachments or links to implant spyware. The government publicly condemned these acts as unacceptable and a risk to national security, demanding cessation in direct discussions with Russian officials and warning of potential further actions. This follows previous known Russian cyber operations, including the large-scale 2015 Bundestag hack.
Confidence: High
The article explicitly states that Russian military intelligence (GRU) linked cyberattacks targeted German Bundestag members, with statements from government officials and direct diplomatic responses, clearly indicating hostile aggressor activity.
Source URL
https://tagesschau.de/ausland/cyberangriffe-russland-gru-ghostwriter-101.html
Source reliability
A
Info credibility
6
Event time
Sep 6, 2021, 14:05 UTC
Event time confidence
exact
Location
Bundestag, Berlin
Region
Berlin
Primary actor
Ghostwriter cyber actors of the Russian military intelligence service GRU
Country
Germany
Countries
Germany
Tags
GRU, Russia, cyberattacks, Phishing, Ghostwriter, Bundestag, German Bundestag, offensive cyber operations
Nodes
Node 2: 5th Column