GBAF Logo
Finance

Germany intelligence agency warns of Russian APT28 cyber spying

Published by Global Banking & Finance Review

Posted on April 7, 2026

1 min read

· Last updated: April 8, 2026

Add as preferred source on Google
Germany intelligence agency warns of Russian APT28 cyber spying
Finance cybersecurity International Intelligence technology
Global Banking & Finance Awards 2026 — Call for Entries

By Maria Martinez BERLIN, April 7 (Reuters) - Germany’s domestic intelligence agency warned on Tuesday of cyberattacks by the Russian state-linked hacker group APT28, saying it had compromised

Germany Warns of Russian APT28 Cyber Spying Targeting Critical Infrastructure

German Intelligence Issues Alert on Russian Cyber Espionage

By Maria Martinez

Overview of the Warning

BERLIN, April 7 (Reuters) - Germany’s domestic intelligence agency warned on Tuesday of cyberattacks by the Russian state-linked hacker group APT28, saying it had compromised vulnerable TP-Link internet routers to spy on military, government and critical infrastructure targets.

Agencies Involved in the Alert

The Federal Office for the Protection of the Constitution (BfV) said the warning was issued with partners including Germany's foreign intelligence agency, BND, and the U.S. FBI. 

About APT28 (Fancy Bear)

APT28, also known as "Fancy Bear", is attributed by Western governments to Russia’s military intelligence service, the GRU. 

Scope of the Attacks

The group attacked several thousand routers globally, the BfV said, including around 30 vulnerable devices in Germany.

Confirmed Compromises and Response

In some cases, compromise was confirmed, prompting operators to replace affected routers.

APT28's Previous Activities in Germany

APT28 previously carried out cyberattacks on Germany’s parliament, the centre-left SPD political party and air traffic control authorities, the BfV said.

(Reporting by Andreas Rinke; Writing by Maria Martinez; Editing by Jamie Freed)

Key Takeaways

  • APT28 exploited TP‑Link and MikroTik routers via known vulnerabilities (e.g. CVE‑2023‑50224) to hijack DNS settings and intercept traffic (techcrunch.com).
  • The threat is widespread—involving thousands of routers globally—with Germany confirming around 30 local compromises prompting router replacements (techcrunch.com).
  • This operation aligns with APT28’s longstanding GRU‑linked cyber‑espionage campaigns targeting parliaments, political parties, air traffic authorities, and critical infrastructure (ncsc.gov.uk)

References

Frequently Asked Questions

What did Germany's intelligence agency warn about?
Germany's domestic intelligence agency warned of cyberattacks by the Russian state-linked hacker group APT28, targeting military, government, and critical infrastructure.
Who is APT28 and what is their affiliation?
APT28, also known as Fancy Bear, is a hacker group attributed by Western governments to Russia’s military intelligence service, the GRU.
How were the cyberattacks carried out?
APT28 compromised vulnerable TP-Link internet routers to spy on selected targets, including several thousand routers worldwide and around 30 in Germany.
Which organizations issued the cyberattack warning?
The warning was issued by Germany's Federal Office for the Protection of the Constitution, with partners including the BND and the U.S. FBI.
What actions were taken after compromised routers were discovered?
Operators replaced affected routers after confirmation of compromise in some cases.

Tags

Related Articles

Image for Australia's Wong to visit Japan, China, South Korea to discuss energy security

Australia's Wong to visit Japan, China, South Korea to discuss energy security

Image for Hungary's Magyar to meet EU's von der ​Leyen for talks on EU funds this week

Hungary's Magyar to meet EU's von der ​Leyen for talks on EU funds this week

Image for Switzerland angers Italy by claiming costs of treating Crans-Montana fire victims

Switzerland angers Italy by claiming costs of treating Crans-Montana fire victims

Image for Russian defence minister visits North Korea

Russian defence minister visits North Korea

Image for Fertiliser plant in Russia's Vologda region damaged in Ukrainian drone attack, governor says

Fertiliser plant in Russia's Vologda region damaged in Ukrainian drone attack, governor says

Image for Close Brothers will not take legal action against Britain's car finance redress scheme, Sky News reports

Close Brothers will not take legal action against Britain's car finance redress scheme, Sky News reports

More from Finance

Explore more articles in the Finance category

Image for Germany's far-right AfD rises to record 28%, INSA poll shows
Germany's far-right AfD rises to record 28%, INSA poll shows
Image for German government suspects Russia of Signal attack targeting politicians, sources say
German government suspects Russia of Signal attack targeting politicians, sources say
Image for Romania finds parts of second drone after overnight Russian attack on Ukraine
Romania finds parts of second drone after overnight Russian attack on Ukraine
Image for China condemns EU's inclusion of Chinese entities in sanctions package against Russia
China condemns EU's inclusion of Chinese entities in sanctions package against Russia
Image for Russian parliament speaker in North Korea to mark Pyongyang's troop deployment in Ukraine war
Russian parliament speaker in North Korea to mark Pyongyang's troop deployment in Ukraine war
Image for Macron reaffirms efforts to reopen Strait of Hormuz, as TotalEnergies warns of energy shortages
Macron reaffirms efforts to reopen Strait of Hormuz, as TotalEnergies warns of energy shortages
Image for France's Macron says EU mutual assistance clause is unambiguous
France's Macron says EU mutual assistance clause is unambiguous
Image for US to let Venezuela pay Maduro's lawyer in drug trafficking case
US to let Venezuela pay Maduro's lawyer in drug trafficking case
Image for Italy votes down equal parental leave while fathers redefine their role online
Italy votes down equal parental leave while fathers redefine their role online
Image for German auto industry faces even tougher competition as China economy slows
German auto industry faces even tougher competition as China economy slows
Image for Romania says drone fragments damage property during overnight Russian attack on Ukraine
Romania says drone fragments damage property during overnight Russian attack on Ukraine
Image for Engine maker Horse plans India move to supply growing small car market, CEO says
Engine maker Horse plans India move to supply growing small car market, CEO says
View All Finance Posts