Please enable JavaScript to read this content.
Germany and the Czech Republic on Friday blamed Russia for a series of recent cyberattacks, prompting the European Union to warn Moscow of consequences over its "malicious behaviour in cyberspace".
The accusations come at a time of strained relations between Moscow and the West following Russia's 2022 invasion of Ukraine and the European Union's support for Kyiv.
German Foreign Minister Annalena Baerbock said a newly concluded government investigation found that a cyberattack targeting members of the Social Democratic Party had been carried out by a group known as APT28.
APT28 "is steered by the military intelligence service of Russia", Baerbock told reporters during a visit to Australia.
"In other words, it was a state-sponsored Russian cyberattack on Germany and this is absolutely intolerable and unacceptable and will have consequences."
APT28, also known as Fancy Bear, has been accused of dozens of cyberattacks in countries around the world.
Russia denies being behind such actions.
The hacking attack on German Chancellor Olaf Scholz's SPD party was made public last year. Hackers exploited a previously unknown vulnerability in Microsoft Outlook to compromise e-mail accounts, according to Berlin.
Berlin on Friday summoned the acting charge d'affaires of the Russian embassy over the incident.
The Russian embassy in Germany said its envoy "categorically rejected the accusations that Russian state structures were involved in the given incident... as unsubstantiated and groundless".
Arms, aerospace targeted: Berlin
German Interior Minister Nancy Faeser said the cyber campaign was orchestrated by Russia's military intelligence service GRU and began in 2022. It also targeted German companies in the armaments and aerospace sectors, she said.
Such cyberattacks are "a threat to our democracy, national security and our free societies", she told a joint news conference in Prague with her Czech counterpart Vit Rakusan.
"We are calling on Russia again to stop these activities," Faeser added.
Czech government officials said some of its state institutions had also been the target of cyberattacks blamed on APT28, again by exploiting a weakness in Microsoft Outlook in 2023.
Stay informed. Subscribe to our newsletter
Czech Interior Minister Rakusan said his country's infrastructure had recently experienced "higher dozens" of such attacks.
"The Czech Republic is a target. In the long term, it has been perceived by the Russian Federation as an enemy state," he told reporters.
EU, NATO condemnation
The German and Czech findings triggered strong condemnation from the European Union.
"The malicious cyber campaign shows Russia's continuous pattern of irresponsible behaviour in cyberspace, by targeting democratic institutions, government entities and critical infrastructure providers across the European Union and beyond," EU foreign affairs chief Josep Borrell said.
The EU would "make use of the full spectrum of measures to prevent, deter and respond to Russia's malicious behaviour in cyberspace", he added.
State institutions, agencies and entities in other member states including in Poland, Lithuania, Slovakia and Sweden had been targeted by APT28 in the past, the statement added.
The latest accusations come a day after NATO expressed "deep concern" over Russia's "hybrid actions" including disinformation, sabotage and cyber interference.
The row also comes as millions of Europeans prepare to go to the polls for the European Parliament elections in June, and concerns about foreign meddling are running high.
Czech Foreign Minister Jan Lipavsky told AFP that "pointing a finger publicly at a specific attacker is an important tool to protect national interests".
One of the most high-profile incidents so far blamed on Fancy Bear was a cyberattack in 2015 that paralysed the computer network of the German lower house of parliament, the Bundestag. It forced the entire institution offline for days while it was fixed.
In 2020, the EU imposed sanctions on individuals and entities linked to the APT28 group over the incident.