
Major German air traffic control company Deutsche Flugsicherung (DFS) has been taken down by a cyber attack. This attack on Deutsche Flugsicherung impacts the critical infrastructure that keeps German aviation operating.

The attack is suspected to be the work of pro-Russian hacker group APT28, also known as Fancy Bear, though the group's involvement has not been publicly confirmed.

A spokesperson for the DFS confirmed that their "office connection was hacked" and that the company "are now taking protective measures." They confirmed that the cyberattack had not affected air traffic operations and that German security authorities had been informed.

While the attack did not disrupt air traffic, it easily could have. This highlights the vulnerability of critical infrastructure to international cyber threats.

It is currently unclear whether the attackers were able to access important company and customer data; however, it is confirmed that the "administrative IT infrastructure, i.e. the office communications of DFS GmbH" was targeted.

Who are APT28?

The group likely responsible for the DFS cyber attack is speculated to be APT28, also known as Fancy Bear.

APT28 is a highly skilled cybercriminal gang believed to be affiliated with Russian military intelligence.

The hacker group has been active for over a decade. They have been implicated in cyberattacks against government agencies, political campaigns, and international organizations.

They are best known for hacking the Democratic National Committee (DNC) in 2016. The cybergang were able to steal emails that were later leaked and played a role in the US presidential election.

The group has also targeted NATO and other Western organizations, aiming to disrupt their operations and gather intelligence.

They have targeted energy companies, telecommunications providers, and other critical infrastructure sectors like DFS. Individuals critical of the Russian government have frequently been targeted by APT28 for espionage and harassment.

APT28's sophisticated tactics have been well documented: the group deploys a multi-pronged, incredibly effective approach to cybercrime. They use phishing emails or other deceptive methods to trick individuals into revealing sensitive information or clicking on malicious links.

They exploit zero-day vulnerabilities, which are previously unknown software flaws that hackers find before software developers can patch them. They can also install malicious software on compromised systems to steal data, maintain persistent access, or disrupt operations.

Why has DFS been targeted?

Deutsche Flugsicherung (DFS) is Germany's air traffic control agency. It is responsible for managing and coordinating all air traffic within the German airspace.

These responsibilities include assisting pilots in planning their flight routes and altitudes, guiding aircraft safely through German airspace and ensuring that they avoid collisions, and responding to incidents and emergencies related to air traffic.

Based on the scope of this critical infrastructure, it is easy to see the level of impact its potential disruption could have. It could impact tourism, trade, and emergency services, making it an attractive target for cyber criminals.

Disrupting air traffic could have significant economic and social consequences. The attack on DFS could be part of a broader campaign to gather intelligence or steal sensitive data.

Targeting German infrastructure could be seen as a way to exert pressure on the German government or to destabilize the country. By successfully attacking critical infrastructure, APT28 can demonstrate its capabilities and deter adversaries.

DFS’s immediate priority will be to contain the attack, isolate affected systems, and restore normal operations. They have already commenced a thorough investigation to determine the full extent of the breach, how APT28 gained access, and whether any data was compromised.

Once the investigation is complete, DFS will implement measures to address any vulnerabilities. This may include patching software, strengthening security controls, and improving employee training.

The incident will hopefully encourage critical infrastructure operators across the globe to analyze their own cybersecurity policies to prevent future attacks. This may include updating security policies, investing in new technologies, and strengthening partnerships with other organizations.