The heads of the Federal Intelligence Service (BND) and the Federal Office for the Protection of the Constitution (BfV) warn of a large-scale cyber attack by a special unit of the Russian secret service GRU.

The targets are railway lines and border crossings, airports and seaports, as the "Welt am Sonntag" reports. "In attacks on Western infrastructure, it is sometimes difficult to clearly identify the perpetrators as state actors," BND President Bruno Kahl told "Welt am Sonntag." However, with cyberattacks of this kind, we know where they come from: "They bear the hallmarks of the Russian military intelligence service GRU and its cyber warriors." This refers to a GRU group called APT 28. According to the services, their attacks are now primarily directed against logistics and transport companies involved in aid deliveries to Ukraine.

ATP 28 is also said to have infiltrated surveillance cameras at relevant locations in Ukraine and its neighboring countries in order to monitor aid deliveries and facilitate suspected sabotage attacks. "Russia acts as a hybrid aggressor and has a broad toolbox that it also uses against Germany. Cyberattacks play a central role in this, with great potential for damage. We are currently observing a wave of attacks by APT 28," BfV Vice President Sinan Selen told "Welt am Sonntag." The intelligence agency is resolutely countering this. Former BND President Gerhard Schindler advocates for counterattacks, so-called hackbacks: "Our ability to identify problems is good. Our ability to combat problems does not do justice to the threat situation." It is completely unacceptable "that our security authorities are not authorized to strike back when IT attacks are detected" and an "impossible situation that one must limit oneself to observing IT attacks" instead of taking the state's protective mandate seriously. "It is part of a state's self-image that it defends itself. We, on the other hand, count the attacks, keep excellent statistics, but are not allowed to prevent the attacks," Schindler said. Günter Heiß, intelligence coordinator in the Chancellery during the Merkel era, told the "Welt am Sonntag": "The discussions about hackback were already taking place when I was still in office." If the legal basis were created, it would be "a legitimate means of responding to cyberattacks." He added that politicians should act quickly. "We cannot rely solely on our allied intelligence services to counter enemy cyberattacks by hacking back. Once critical infrastructure is crippled, it's too late." Günter Krings, deputy chairman of the CDU/CSU parliamentary group in the Bundestag, takes a similar view: "Our cyber defense must improve in three areas: first, in the preventive protection of critical infrastructures; second, in rapid and situation-based response; and third, in building our own digital resilience. The federal government must coordinate better here, provide clearer legal capabilities, and focus on high-performance technology." Hackbacks aren't a panacea, but they belong "in the toolbox," Krings said. "If an ongoing digital attack has serious consequences for people or central government functions, then the state must be enabled to actively disrupt this attack." The current coalition agreement between the CDU/CSU and SPD does not mention hackbacks—in contrast to the coalition agreement of the defeated "traffic light" coalition. It stated: "We fundamentally reject hackbacks as a means of cyber defense." The new coalition agreement states that the cybersecurity strategy must be further developed "with the goal of a clear distribution of roles and responsibilities." "What is needed is a robust and constitutional cyber defense," said Green Party deputy Konstantin von Notz. He is chairman of the Parliamentary Control Committee in the Bundestag, which oversees the intelligence services. Von Notz warned that Germany is "not sufficiently prepared" for Putin's hybrid war. "But the truth is also that the warnings from our security authorities, such as the heads of the intelligence services, are anything but new – and politicians have so far failed to adequately address this major and urgent challenge," von Notz criticized. Lower Saxony's Interior Minister Daniela Behrens (SPD) is calling for greater cooperation among authorities in a network to fend off cyberattacks. "Many attacks occur across national borders. German security authorities often receive information from foreign partners in this context." Therefore, international cooperation in this area is "essential and must be further cultivated," Behrens said. Her party members were themselves the main target of a cyberattack by the GRU unit 26165, to which the group APT 28 belongs. In the summer of 2023, the SPD announced that the email accounts of its party executive committee at the Willy Brandt House had been hacked.