German Parliament members were targeted in an apparent spear-phishing attack recently. Nearly 40 federal and regional Parliament members were affected after their email accounts were accessed. After security personnel became aware of the attack, notifications were sent out to those that were affected. Early analysis from German security researchers gives them reason to believe a Russian threat group known as Ghostwriter is behind the attack. The group has been linked to numerous attacks that align with Russian cybercrime tactics since 2017. When describing the group, FireEye stated, “The Ghostwriter campaign leverages traditional cyber threat activity and information operations tactics to promote narratives intended to chip away at NATO’s cohesion and undermine local support for the organization in Lithuania, Latvia, and Poland.” At this time, the Parliament’s network has not been affected but it is unknown how Ghostwriter plans to move forward after the spear-phishing attack.
No matter what email service is used, strong passwords along with multi-factor authentication should be required. Other security measures such as blocking logins from out-of-country IP addresses, detecting incoming email campaigns that link to phishing web pages designed to steal passwords, helping employees (or government representatives) recognize the threat from phishing, and providing tools for employees to easily report phishing attempts are all helpful.