Technology & Science
Berlin Blames GRU for 2024 Air-Traffic Hack and ‘Storm-1516’ Election Plot, Summons Russian Envoy
On 12 Dec 2025 Germany formally attributed an August 2024 cyber-intrusion into its air-traffic control network and a February 2025 deep-fake disinformation campaign to Russia’s GRU, summoned the Russian ambassador, and signalled EU-level sanctions.
Focusing Facts
- Germany’s foreign ministry summoned Ambassador Sergey Nechayev on 12 Dec 2025 after intelligence tied the August 2024 German Air Safety breach to GRU-linked APT28 (Fancy Bear).
- Officials said the GRU-backed ‘Storm 1516’ operation spread fake ballot-manipulation videos targeting candidates Robert Habeck and Friedrich Merz days before the 9 Feb 2025 federal vote.
- Berlin announced that from Jan 2026 Schengen states will log and share travel data of Russian diplomats as a counter-intelligence measure.
Context
States blaming Moscow for hacks is not new: Berlin fingered APT28 for the 2015 Bundestag breach, much as Washington did after the 2016 DNC leak, echoing Cold-War ‘active measures’ like the KGB’s 1983 Operation INFEKTION HIV rumour. What is different is Germany’s willingness to escalate publicly and coordinate EU sanctions, signalling a shift from quiet diplomacy to overt deterrence in the grey-zone. The episode fits a 30-year arc in which cyber and narrative warfare substitute for tanks in Europe; whether this prompts durable European digital resilience or merely another tit-for-tat expulsion cycle will shape the continent’s security architecture long after the Ukraine war fades from headlines. On a century scale, the contest is over who controls the information infrastructure that underpins democratic legitimacy—today’s deepfakes may matter as much as 20th-century artillery once did.
Perspectives
European mainstream and pro-EU outlets
e.g., RocketNews, The Nation — Present the incidents as proven examples of Russian hybrid warfare, asserting that GRU-linked Fancy Bear hacked German air-traffic systems and tried to sway February’s vote, so Berlin must impose counter-measures. Strongly echo official German/NATO messaging and may overstate the certainty of intelligence findings to justify tougher sanctions on Moscow.
International outlets reprinting AFP for Global-South audiences
e.g., Arab News, NDTV — Report Germany’s allegations while repeatedly highlighting Russia’s description of the accusations as “absurd” and “baseless,” framing the clash as an unresolved diplomatic dispute. In aiming for balance and shielding diverse readerships from taking sides, they give outsized space to Russian denials and treat the evidence as unverified, which can blunt perceptions of Kremlin culpability.
South-Asian regional outlets drawing on wire copy
e.g., Jammu Kashmir Latest News, Outlook India — Emphasise Germany’s plan to retaliate and coordinate EU sanctions, presenting the cyberattack and election meddling as further proof of Moscow’s aggressive posture. Largely repackage Western intelligence claims without additional reporting, mirroring a pro-Western security narrative that can sensationalise the threat and overlook the absence of independently released evidence.