German MFA summons Russian ambassador over national security threat
The Russian ambassador to Germany was summoned to the German Foreign Ministry over a large-scale cyberattack and a disinformation campaign during the federal election campaign, which German authorities say were carried out by Russian intelligence services.
Foreign Ministry spokesperson Martin Giese stated this at a briefing on Friday, Ukrinform reports.
According to him, an analysis by German intelligence allowed them to prove Moscow's responsibility for specific instances of espionage and cyberattacks, including attempted sabotage.
He said that two methods of national attribution made it possible to trace responsibility. The German side could now clearly attribute the cyberattack on the German air traffic control service in August 2024 to the hacker collective APT 28, also known as Fancy Bear, and intelligence data showed that Russia's military intelligence service, the GRU, was responsible for this attack. He also stated that Russia, through the Storm 15 campaign, had attempted to influence and destabilize Germany's internal affairs, particularly the recent federal elections.
Giese noted that there was credible information indicating that the Moscow analytical center Center for Geopolitical Expertise and the organization Two-Headed Eagle Movement were behind this campaign, and that they were supported by the GRU.
He explained that the analysis showed how various platforms were spreading artificially generated content such as supposed investigative materials, deepfake videos, pseudo-journalistic websites, and fabricated testimonies.
He stressed that the goal of these Russian cyberattacks and disinformation efforts was to divide society, sow distrust, provoke rejection, and weaken trust in democratic institutions, and that this manipulation was part of a broader pattern of Russian actions aimed at undermining confidence in Germany's democratic institutions and processes. He emphasized that Russia posed a real threat to Germany's security not only through its aggressive war against Ukraine, but also through such activities inside Germany.
For this reason, Giese stated, the Russian ambassador had been summoned and was clearly informed that Germany was closely monitoring Russia's actions and would counter them.
He added that Germany was fully confident in its findings and that the Russian ambassador had certainly understood them without needing lengthy evidence, as the German side could prove its claims with solid, indisputable facts.
Giese assured that Russia's unacceptable actions would have consequences. He said that, in close coordination with European partners, Germany was taking a number of countermeasures aimed at stopping Russia's hybrid activity, and that new individual sanctions at the European level were being supported, including travel bans, asset freezes, and bans on providing economic resources.
He clarified that starting in January 2026, Germany and its EU partners would monitor cross-border movements of Russian diplomats within the Schengen area.
Giese said that the goal was to ensure better information-sharing and reduce intelligence risks. He also mentioned that additional bilateral restrictions would be imposed on Russian diplomatic personnel.
The Interior Ministry confirmed that investigations had been conducted into both incidents. It explained that since June 2024, the Central Office for the Detection of Foreign Information Manipulation (ZEAM) had been operating within the ministry alongside other agencies to ensure early detection of foreign influence and manipulation campaigns, analyze their methods, distribution channels, and mechanisms of influence online and on social media. It was also reported that a new central platform was planned for interagency coordination in countering hybrid threats and forming a unified situational overview.
As reported earlier, in September 2024 the German Air Navigation Service had announced it had been the victim of a hacking attack, which occurred at the end of August, a week before being made public. During the federal election campaign, the Storm 15 campaign had spread videos containing blatant falsehoods across numerous fake websites, primarily targeting the CDU/CSU and the Greens. A few days before the February federal elections, several fake videos had appeared online alleging that postal voting documents had been forged.
IT experts at Microsoft assessed Storm 15 as a state-controlled Russian campaign, and they believed that the group had attempted to influence the 2024 US presidential election in favor of Donald Trump by spreading fabricated stories targeting the Democratic Party.