Skip to content


The European Union has warned that it may take action over Russia’s involvement in “malicious cyber activities” against various EU member states.

The “Ghostwriter” campaign targeted “numerous EU parliamentarians, government officials, politicians and members of the press and civil society,” according to a press release from the European Council on Friday, and was carried out “through access computer systems and personal accounts and data theft “.

The statement from the European executive, made up of the bloc’s heads of state, said the EU was considering “taking more steps” but did not explain what actions it would take.

“Today’s statement tries to strongly denounce malicious cyber activities, designated as Ghostwriter that some member states have observed and associated with the Russian state,” Nabila Massrali, spokesperson for the European Council, told TechCrunch. “These activities are unacceptable and everyone involved must stop them immediately. Such activities seek to threaten our integrity and security, democratic values ​​and principles and attempt to undermine our democratic institutions and processes. We urge the Russian Federation to adhere to the norms of responsible state behavior in cyberspace. “

No specific incidents were mentioned in the press release. But the spokesperson added that the warning comes in light of the upcoming German elections on September 26.

Earlier this month, Germany said the Russia-linked Ghostwriter campaign had been “combining conventional cyberattacks with disinformation and influence operations” in an attempt to spread disinformation ahead of the next election. At the time, the German government said it had “reliable information” that recent cyberattacks, in which hackers used phishing emails in an attempt to obtain personal login details from federal and state lawmakers, they could be attributed to actors in Russia, “specifically the Russian military intelligence service GRU.”

Ghostwriter has been around since 2017, according to a 2020 FireEye report, and has been involved in anti-NATO disinformation campaigns, cyber espionage, and politically damaging hack-and-run operations across Europe. In a follow-up report published in April this year, FireEye linked the Ghostwriter campaign to UNC1151, a threat actor believed to be backed by the Kremlin.

Since then, Prevailion, a cybersecurity startup that specializes in cyber adversary intelligence and compromise breach monitoring, has found that the infrastructure associated with UNC1151 is three times larger than previously documented, and its malicious cyber activities are broader and more aggressive than originally suspected. .

Karim Hijazi, Prevailion’s chief executive, said earlier this month that UNC1151 is “positioned for a much broader operation, both in Europe and potentially beyond.”

techcrunch Gt