Germany's air traffic control organization the Deutsche Flugsicherung (DFS) has confirmed that it was the target of a significant cyberattack.
The incident, which was discovered last week, has severely disrupted office communications within the DFS, though air traffic operations remain unaffected. The attack is suspected to have been carried out by the Russia-linked hacker group APT28 aka Fancy Bear and Strontium, which has strong links to Russia's military intelligence service, the GRU.
APT28 has been involved in cyber espionage activities since 2004, targeting political organizations, media outlets, and government agencies across various countries. Since the beginning of Russia’s invasion of Ukraine on February 24, 2022, APT28 has been relentlessly targeting Ukraine’s government and military. Last September, the group targeted an energy infrastructure facility in Ukraine, and January of 2024 it was observed condicting phishing attacks against military personnel and units of the Ukrainian Defense Forces.
The DFS plays a crucial role in ensuring the safety and efficiency of Germany's airspace. A spokesperson for the organization told the German Press Agency that defensive measures have been implemented to counter the effects of the cyberattack. However, the spokesperson did not provide specific details about which systems were targeted or the exact nature of the countermeasures being employed.
Following the attack on DFS, German security authorities were promptly notified. The Federal Office for the Protection of the Constitution (BfV), Germany's domestic intelligence agency, confirmed that the cyberattack is under investigation.