This analysis first appeared in our Weekly Intelligence Snapshot.

Germany awaits its federal elections on 26 September, and the whole world is watching.

After 16 years ruling Germany as Chancellor, Angela Merkel from the conservative Christian Democratic Union (CDU) is not running again for the Chancellor’s Office.

Therefore, this year’s election marks an important milestone not only for Germany but for the whole of Europe. Because Germany is one of the most politically and economically influential countries in Europe, the replacement of its top leader will likely even have a global impact.

While political leaders worldwide knew what to expect from Merkel and her followers, new candidates will present their unique paths and approaches.

This uncertainty is being exploited for cyberattacks, bringing the risk of attempted vote manipulation and espionage. Accusations similar to those made around the 2020 US presidential elections about the alleged risk of manipulating postal votes are being promoted in Germany. At the same time, German parliament members are constant targets of cyberattacks.

So, the question is: How is Germany holding up against cyberattacks and misinformation threats?

Foreign Threat Actors Show Great Interest in German Elections

Cybercriminals target politicians all the time for a variety of reasons. Yet most of the time this is hardly the work of malicious individuals. Instead, nation-sponsored threat actor groups have a great interest in manipulating political candidates or election outcomes.

Recently, the Russian threat actor group “Ghostwriter” targeted members of the Bundestag and the state parliaments with a cyber campaign. The group has links to Russia’s military intelligence service “GRU” and tried to access private email accounts by sending phishing emails.

GRU was named as a culprit in the attack whose main goal was to capture emails from Chancellor Angela Merkel’s constituency office. The attack also targeted the German parliament, in an attempt to install software that would give the attackers permanent access to computers used by staff and the parliament members.

Germany’s foreign ministry recognized the attacks as part of a broader campaign and not as isolated cyber incidents.

German Government Carefully Monitors the Attacks’ Development

But how did the threat actors carry out their attack, and what did they try to achieve?

In March 2021, German Government/Parliament officials reported that Russian cybercriminals targeted dozens of German policymakers, according to Der Spiegel news magazine. This included seven members of the Bundestag and 31 members of regional parliaments.

The majority of victims were members of the major parties, such as the conservative Christian parties CDU and CSU and the social-democratic SPD. All of them received malicious emails that were made to appear legitimate in an attempt to trick the recipient into revealing sensitive information or to deploy malicious software on the victim’s computer.

The recent Russian phishing attacks against German politicians are only the latest in a string of campaigns that took place over the past few years. Back in 2015, Germany’s intelligence agency BfV (“Bundesverfassungsschutz”) linked cyber-attacks on the state’s major computer infrastructure to the threat actor group Sofacy/APT28, a group reportedly closely linked to the Russian state.

The details on these attacks are sparse, but the intelligence officials also reported that the breaches were used to steal data on critical infrastructures such as power plants and other utilities.

In a recent interview, Germany’s Federal Returning Officer (Bundeswahlleiter) Georg Thiel said that the “risk of attacks is high”. Yet he further said that the chance of actual manipulation of the election is low and the motivations for these attacks are numerous. They range from manipulating election outcomes to espionage activities and gathering intelligence on individual politicians.

Disinformation Campaigns Are Spreading

Another battlefield has been consistent disinformation campaigns taking place across social media. Unlike cyberattacks, such as those targeting German policymakers via phishing emails, disinformation efforts have a clear psychological-social component.

Based on a recent report on electoral disinformation campaigns in Saxony-Anhalt, the main goal of those campaigns is to instill doubt about the legitimacy of the German election process.

According to the report, the key promoters of this misinformation are far-right voters, including those from the Alternative for Germany (AfD) party.

The report has also shown that approximately 2.6 million Twitter users saw posts with hashtags pointing to alleged voting fraud within 24 hours after the elections. As part of a clearly coordinated action, similar claims were aggressively promoted on Facebook, Telegram, and BitChute, as well as via the blogs and newsletters of right-wing influencers.

On the day of the election, an anonymous Twitter account posted a picture of a polling station. It showed an election worker in Saxony-Anhalt who was allegedly preparing to manipulate AfD votes to harm the party’s electoral results. Yet the image came from a polling station in the United States and was therefore clearly intended to spread disinformation and fake news.

The issues are being addressed. In May 2021, Facebook promised to ramp up security for the German elections. Additionally, the German Federal Office for Information Security and the Federal Network Agency implemented a direct emergency telephone line to Twitter, Google, and Facebook to pave the way for immediate action if necessary.

Misinformation Mostly Targets Green Chancellor Candidate

According to a new report by civil liberties NGO Avaaz, the majority of the disinformation campaigns ahead of the 2021 federal elections are targeting Annalena Baerbock, the co-leader and chancellor candidate of Germany’s Green party.

In her bid to become Germany’s next chancellor, Baerbock has been targeted with more fake news than any other candidate, as per Avaaz.

The NGO’s researchers analyzed dozens of misinformation incidents and determined that Baerbock is targeted 70% more often than her conservative contender, Armin Laschet, or Olaf Scholz, the Social Democrats’ candidate.

“She came quite late to the race — but immediately, we saw a spike in disinformation about her,” said Avaaz’s campaign director, Christoph Schott. “It could be because she is a woman, it could be because she has some strong ideas and messages, which makes it somehow easier to attack her — but it’s really hard to find evidence for that.”

The examples are many, but at least two have gained mainstream attention. As part of one campaign, Baerbock was falsely accused of planning to legally ban children from keeping pets at home. The smear campaign went on even after the official denial was issued.

The second incident involved the posting and sharing of an alleged nude photo of Baerbock, which actually showed a Russian porn star who superficially resembles the German politician.

Postal Votes: Falsely But Repeatedly Accused of High Manipulation Risk

At the same time, the internet is flooded with claims that postal votes are the focus of alleged attempts to change the outcome of the upcoming elections.

Georg Thiel, Germany’s Federal Returning Officer (Bundeswahlleiter), claims that postal votes are likely to see a considerable increase in 2021 due to the ongoing pandemic. He also stresses that postal votes have been used since 1957 in Germany and that no large-scale efforts to falsify the voting process have been recorded.

Yet, in early 2021, AfD Bundestag member Stephan Brandner accused his political opponents of planning to rig the election by undemocratic and unconstitutional means, adding that postal votes can be manipulated in many ways.

As evidence of the baseless nature of these claims, the experts from the Berlin Social Science Center (WZB) point to their research into the 2017 general elections. The results show that the main opponents of the AfD, such as the CDU and the Greens, regularly receive a higher percentage of support through postal votes, while the AfD performs relatively poorly.

Therefore, the political analyst Klaus Stüwe suspects the attacks on postal voting by AfD members are a purely tactical maneuver.

Also, Thiel says that no software is used to tally the results. This should protect the elections from cyber attackers who may attempt to manipulate the voting results.

Cyberattacks Before Elections: Foreign Powers Change Their Approach

General elections are of great interest to citizens. Yet, they also draw the attention of outside parties who want to know how a potential new government will engage them.

The German election is no exception. While direct attempts to falsify election results have been made in the past, no successful attempts have been recorded in Germany so far.

However, propaganda and disinformation efforts have long attempted to influence voters to choose a specific party or a candidate.

These efforts have become easier, faster, and cheaper thanks to the ubiquity of social media and the support threat actors receive from powerful outside parties or states like Russia or China.

What is new is that the foreign powers seem to be changing their approach. They now seem to be more interested in sowing mistrust in democratic and electoral institutions and causing divisions in societies, rather than in supporting a specific candidate or party.

Thiel claims that the efforts to counter these misinformation and distrust campaigns have been stepped up. Yet, for them to truly lose ground, each citizen has to double-check every piece of information that comes their way, online as well as offline.
