Qilin Ransomware Breach Confirmed by Die Linke German Political Party

German Political Party Die Linke Falls Victim to Qilin Ransomware Attack

A cyberattack by the Qilin ransomware group has resulted in the theft of data from Die Linke, a prominent German democratic socialist political party. The attackers have threatened to release the stolen information unless a ransom is paid.

Die Linke disclosed the cyber incident on March 27, a day after their network was compromised by the threat actor. While the party acknowledged the breach, they did not confirm the extent of the data stolen.

Established in 2007, Die Linke, also known as the Left Party, holds 64 seats in the German parliament (Bundestag) and boasts 123,000 registered members. The party is actively involved in various state governments, particularly in eastern Germany.

The attackers are reportedly targeting sensitive data from the party’s internal operations and personal information of staff at the party headquarters. Die Linke is uncertain about the full extent of the breach but acknowledges the potential risk.

Fortunately, the party’s membership database remains unaffected as the attackers failed in their attempt to access member data.

Die Linke has identified the Qilin ransomware group as the perpetrators behind the attack. Described as Russian-speaking cybercriminals driven by financial and political motives, the group’s actions against the German political party are seen as deliberate and strategic.

The party emphasized that such cyberattacks, particularly ransomware incidents, are often part of hybrid warfare and pose a threat to critical infrastructure.

On April 1st, Qilin publicly claimed responsibility for the attack on Die Linke, listing them as a victim on their data leak site without releasing any samples of the stolen data.

See also  Cybersecurity Alert: CISA Issues Warning on Zimbra and SharePoint Vulnerabilities, Cisco Zero-Day Exploited in Ransomware Attacks

Threatening to expose stolen data is a common tactic used by ransomware groups to pressure victims into paying a ransom.

Die Linke has taken immediate action by notifying German authorities and filing a criminal complaint with the police. The party is also collaborating with independent IT experts to secure their systems and mitigate the impact of the attack.

Notably, political parties in Germany have been targeted by Russia-linked threat actors in the past. In 2024, APT29 launched a campaign against CDU, a major political party in the country, using a backdoor named WineLoader.

Automated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the other.

This whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic questions for any tool evaluation.

Get Your Copy Now