The European Union officials have formally associated Russia with a new hacking campaign tracked as Ghostwriter. The operation’s focus has been on high-profile EU representatives, journalists, and the general public.
Russia is now officially accused of interfering with the elections and political systems of multiple European countries.
These malicious cyber activities are targeting numerous members of Parliaments, government officials, politicians, and members of the press and civil society in the EU by accessing computer systems and personal accounts and stealing data.
Such activities are unacceptable as they seek to threaten our integrity and security, democratic values and principles, and the core functioning of our democracies.
As declared by the EU representatives, these actions are in contradiction to the standards of responsible State behavior in cyberspace as publicly approved by all UN Member States.
They added that through these cyberattacks, threat actors attempt to threaten these states’ democratic institutions and processes, including by enabling disinformation and information manipulation.
GhostWriter Background Info
Ghostwriter has been ongoing since 2017, according to a 2020 report from cybersecurity firm FireEye. It has participated in anti-NATO disinformation operations, cyber espionage, and politically damaging hacking campaigns all over Europe.
In a follow-up report released in April this year, FireEye connected the Ghostwriter operation to UNC1151, a hacker that is believed to be financed by the Kremlin.
Germany Also Accused Russia
Earlier this month, Deputy Foreign Ministry spokeswoman Andrea Sasse declared that Russia is held responsible for a cyberattack that affected the German parliament. The threat actors are believed to belong to the disinformation operation dubbed “Ghostwriter,” which is connected to Russia-based military intelligence.
The attack came ahead of Germany’s parliamentary election on September 26th, just as it did in 2015 ahead of previous elections. She stated:
The German government has reliable information according to which ghostwriter activities can be attributed to cyber protagonists of the Russian state or Russia’s GRU military intelligence (service).
As mentioned by BleepingComputer, in March 2021, multiple Parliament members have been targeted in a spear-phishing campaign conducted by the Ghostwriter threat actor, according to Germany.
Cybercriminals allegedly hacked the email accounts of seven members of the German federal parliament (Bundestag) and 31 members of German regional parliaments.
The fight against cyber attacks is crucial for European security. With EU Member States, we observed malicious cyber activities, collectively designated as #Ghostwriter. They seek to threaten our integrity,security, democratic values&principles+core functioning of our democracies https://t.co/XokFJs6NkM
— Josep Borrell Fontelles (@JosepBorrellF) September 24, 2021
Russia always said it has nothing to do with the GhostWriter campaign, but at the moment is expected to respond to the EU’s newest declaration:
The European Union and its Member States strongly denounce these malicious cyber activities, which all involved must put to an end immediately. We urge the Russian Federation to adhere to the norms of responsible state behavior in cyberspace.
The European Union will revert to this issue in upcoming meetings and consider taking further steps.