These attacks were orchestrated by the Russian Federation and its GRU intelligence service
In the shadow of an ongoing war fought with tanks and missiles, Germany and the Czech Republic have drawn attention to a quieter but no less consequential battlefield: the digital infrastructure of democratic societies. On May 3rd, both nations publicly named Russian intelligence — through its proxy group APT28 — as the architect of sustained cyberattacks against political parties, government institutions, and critical industries. By summoning Russian diplomats and speaking in unison, Berlin and Prague signaled that the age of silent tolerance for state-sponsored cyber aggression may be drawing to a close.
- Germany and the Czech Republic simultaneously accused Russian intelligence of orchestrating cyberattacks against their governments, political parties, and critical infrastructure — a rare and deliberate act of public attribution.
- The hacking group APT28, known as Fancy Bear and described as operating under direct GRU control, targeted Germany's ruling SPD party and exploited a Microsoft Outlook vulnerability to strike dozens of Czech institutions since 2023.
- Both countries summoned Russian diplomats in a coordinated diplomatic rebuke, framing the attacks not as isolated criminal incidents but as acts of state-sponsored warfare waged in the gray zone between peace and open conflict.
- Czech Interior Minister Rakušan went further than diplomatic language, stating plainly that Russia considers the Czech Republic an enemy — a charge that reflects Prague's substantial military and humanitarian support for Ukraine.
- The joint investigation and synchronized public statements suggest a broader Western strategy of open confrontation, raising the question of whether NATO allies will make their own accusations and whether collective sanctions may follow.
On May 3rd, Germany and the Czech Republic took the unusual step of jointly and publicly accusing Russian intelligence of conducting a coordinated campaign of cyberattacks against their governments, political institutions, and critical infrastructure. Both nations summoned Russian diplomats to deliver an unambiguous message: these operations would not be tolerated.
At the center of the accusations stood APT28 — also known as Fancy Bear — a hacking group that German Foreign Minister Annalena Baerbock identified as operating under direct Russian intelligence control. The group had targeted the Social Democratic Party of Chancellor Olaf Scholz, and German authorities revealed the campaign extended far wider: logistics firms, weapons manufacturers, aerospace companies, and civil associations had all been struck. Baerbock called the attacks "absolutely intolerable and unacceptable."
The Czech Republic described a parallel ordeal. Since 2023, dozens of Czech institutions had been hit through a previously unknown vulnerability in Microsoft Outlook, attacks bearing the unmistakable signature of APT28. Interior Minister Vít Rakušan, speaking at a joint press conference with his German counterpart Nancy Faeser, stated plainly that the assaults were orchestrated by Russia's GRU — and that Moscow viewed the Czech Republic as an enemy nation. Czech Foreign Minister Jan Lipavský stressed that publicly naming the aggressor was no longer optional; it had become a matter of national interest.
What distinguished this moment was the deliberate choice to go public. Rather than addressing the intrusions through quiet diplomatic channels, both countries exposed the attacks and their suspected perpetrators to international scrutiny. The coordinated response raised a larger question: whether other NATO and EU allies would follow with their own attributions, and what collective action the alliance might ultimately take.
On Friday, May 3rd, Germany and the Czech Republic moved in tandem to publicly accuse Russian intelligence of orchestrating a coordinated campaign of cyberattacks against their governments, political institutions, and critical infrastructure. The German government summoned the Russian embassy's chargé d'affaires to deliver a stark diplomatic message: these operations would not be tolerated. A spokesperson for Germany's Foreign Ministry framed the summons as a clear signal to Moscow that Berlin rejected such actions outright.
The accusations centered on a hacking group known as APT28, also called Fancy Bear, which German Foreign Minister Annalena Baerbock identified as operating under direct control of Russian intelligence services. The group had launched what she termed an "intolerable" cyberattack against the Social Democratic Party (SPD)—the party of Chancellor Olaf Scholz—in the previous year. "We can now say unequivocally that we attribute this cyberattack to APT28, led by Russian intelligence services," Baerbock stated. "This was a state-sponsored cyberattack against Germany, and it is absolutely intolerable and unacceptable."
The scope of the attacks proved far broader than a single political party. German authorities revealed that the campaign had also targeted government services, companies in logistics, weapons manufacturing, aerospace, and various foundations and civil associations. This was not an isolated incident but part of what German officials described as a joint investigation with Czech authorities, signaling that both nations had been struck by the same adversary using similar methods.
Meanwhile, the Czech Republic detailed its own experience with Russian cyber operations. The Czech Foreign Ministry disclosed that since 2023, multiple Czech institutions had been targeted by cyberattacks exploiting a previously unknown vulnerability in Microsoft Outlook. The attacks bore the hallmarks of APT28, the same group blamed by Germany. Czech Interior Minister Vít Rakušan stated that the country's infrastructure had endured "dozens" of such assaults. "These attacks were orchestrated by the Russian Federation and its GRU intelligence service," he said at a joint press conference with his German counterpart, Nancy Faeser.
The Czech government went further in its characterization, with Interior Minister Rakušan explicitly stating that Russia viewed the Czech Republic as an enemy nation. This framing reflected the country's position as both a NATO and European Union member that had provided substantial military and humanitarian aid to Ukraine since Russia's invasion in February 2022. Czech Foreign Minister Jan Lipavský emphasized to international media that publicly naming a specific aggressor was essential for protecting national interests—a statement that underscored how the two countries had moved beyond private complaints to open confrontation.
The coordinated public attribution represented a significant escalation in how Western nations were responding to Russian cyber operations. Rather than quietly addressing the intrusions through back channels, Germany and the Czech Republic had chosen to expose the attacks and their suspected perpetrators to international scrutiny. The summons of Russian diplomats and the joint investigation signaled that the two countries viewed these operations not as isolated criminal acts but as state-sponsored warfare conducted in the gray zone between peace and conventional conflict. What remained to be seen was whether other NATO and EU allies would follow suit with their own accusations and what collective response the alliance might mount.
Notable Quotes
"This was a state-sponsored cyberattack against Germany, and it is absolutely intolerable and unacceptable." — German Foreign Minister Annalena Baerbock
"The Republic of Czechia is a target and is viewed by the Russian Federation as an enemy country." — Czech Interior Minister Vít Rakušan
The Hearth Conversation: Another angle on the story
Why did Germany and the Czech Republic decide to go public with these accusations now, rather than handling it quietly?
Public attribution serves multiple purposes. It signals to Russia that these operations have been detected and identified, which can deter future attacks. It also builds a documented record for potential sanctions or legal action. And frankly, it tells domestic audiences that their governments are taking the threat seriously.
The Czech Republic explicitly called itself an enemy of Russia. That's stark language. What does that tell us?
It reflects reality, but saying it out loud is a choice. The Czechs have been vocal supporters of Ukraine and NATO expansion—positions Moscow deeply resents. By naming themselves as a target, they're essentially saying: we know Russia sees us this way, and we're not pretending otherwise.
APT28 has been blamed for attacks worldwide before. What makes these incidents different?
The coordination. Germany and the Czech Republic are investigating together, sharing intelligence, and presenting a unified front. That's not how isolated hacking groups operate. It signals a pattern of state-directed activity against multiple Western targets simultaneously.
Does summoning a diplomat actually change anything?
It's symbolic, but symbols matter in diplomacy. It's a way of saying: we're escalating our response without military action. It puts Russia on notice that there are costs, even if those costs are primarily reputational and political rather than economic or military.
What happens next?
Watch whether other NATO members come forward with their own accusations. If this becomes a pattern—multiple countries publicly blaming Russia for coordinated attacks—it creates pressure for a collective NATO response, possibly sanctions or cyber retaliation.