Russian hackers pose ‘high’ threat level to EU, bloc’s cyber team warns

Russia’s notorious hacking group Fancy Bear is targeting European governments with cyberattacks, the European Union’s cyber emergency response team has warned officials in a note seen by POLITICO.

At least seven European governments have been targeted with spearphishing campaigns, which include using custom-tailored lures to target specific, high-profile targets to download malicious software or give away access to digital systems.

“We assess that the threat level posed to [EU institutions and agencies] by this activity is high,” the bloc’s Cyber Emergency Response Team for the EU (CERT-EU) said in a note classified for limited distribution (TLP Amber+Strict) sent earlier in November.

Fancy Bear, also known as APT28, is a Russian intelligence-affiliated hacking group that the United States said was behind the 2016 hacks of the Democratic National Committee which contributed to Donald Trump’s election win. The group was also sanctioned by EU authorities in 2020 for the 2015 hack of the German Bundestag.

The group "is leveraging diverse decoy documents to lure victims, including the meeting minutes of a subcommittee of the European Parliament and a report from a United Nations Special Committee,” the note read.

The warning comes amid growing concerns that next year’s European election will be targeted by hacking groups from countries with a cyberoffensive program against Europe, like Russia and China. EU voters head to the polls in June.

Russian state-affiliated hacking groups have plagued European countries with cyberattacks, cyberespionage and disinformation campaigns for years, in what EU countries deem are attempts to derail their domestic politics and diplomatic posturing.

Fancy Bear in particular is one of Moscow’s most crafty threat groups that has been operating for at least 15 years. It specializes in infiltrating government and critical industry organizations across the West and using hacked information to disrupt politics.

CERT-EU supports all EU institutions in their operational responses against cyberattacks. It also works with national cyber agencies and organizations to share intelligence and fend off attacks.

European Commission spokesperson Johannes Bahrke declined to comment on the new warning but said the institution "is aware of the rising number of malicious cyber activities at a global scale."

"Regular information sharing is paramount to allow all key actors in the EU to be aware of possible threats and to acquire, wherever possible, new insights to assess and mitigate cyber risks," he said.

The European Parliament declined to comment. The Council of the EU did not respond to a request for comment.