Full Report
German prosecutors have charged three Russian-German nationals with acting as secret service agents for Russia. The individuals, named Dieter S., Alexander J., and Alex D., have been accused of working for a foreign secret service. Dieter S. is also alleged to have participated in sabotage operations and to have taken pictures of military installations with the aim of endangering national security.
Analysis Summary
# Threat Actor: Russian Intelligence Asset (Operatives Dieter S., Alexander J., and Alex D.)
## Attribution & Identity
The individuals charged are three Russian-German nationals: **Dieter S.**, **Alexander J.**, and **Alex D.** They are accused of acting as secret service agents for the **Russian Secret Service**. Dieter S. is also alleged to have been a fighter for an armed unit of the **Donetsk People's Republic (DPR)**.
## Activity Summary
The group, coordinated by Dieter S. and his Russian secret service contact, engaged in espionage and planning for sabotage operations within Germany starting around October 2023. The core objective was to undermine German military support for Ukraine. Dieter S. was charged with planning potential explosive and arson attacks targeting military infrastructure and industrial sites, as well as sabotage against railway lines transporting military goods.
## Tactics, Techniques & Procedures
- **Intelligence Gathering/Reconnaissance:** Dieter S. scouted out potential targets on site.
- **Data Collection:** Taking photos and videos of military transports and goods.
- **Information Transfer:** Passing collected intelligence information to his Russian secret service contact.
- **Sabotage Planning:** Expressed willingness to carry out or plan explosive/arson attacks and sabotage railway lines.
- **Affiliate Connection:** Dieter S. connected espionage activities with affiliation to the DPR armed unit.
## Targeting
- **Sectors:** Military infrastructure, industrial sites, railway lines used for military transport, and potentially U.S. military facilities.
- **Geography:** Federal Republic of Germany, specifically Bavaria and the Upper Palatinate region.
- **Victims:** German national security interests, German military supply chains, and U.S. military facilities located in Germany.
## Tools & Infrastructure
- **Malware families used:** Not explicitly mentioned in the summary provided.
- **Infrastructure (C2, domains, IPs):** Directed by an identified contact belonging to the Russian secret service. No specific C2 domains or IPs are listed.
## Implications
This case highlights an active and aggressive Russian espionage campaign utilizing dual-nationals within Germany to execute pre-positioning for potential physical sabotage acts aimed at disrupting Western military aid to Ukraine. The penetration extends beyond typical cyber espionage to on-the-ground reconnaissance and planning for kinetic attacks (arson/explosions).
## Mitigations
- Enhanced physical security monitoring around critical military and industrial sites, especially railway depots and transportation hubs designated for military aid.
- Increased counter-intelligence monitoring of individuals with known associations to foreign intelligence services or affiliated armed groups (like the DPR).
- Vetting and monitoring of personnel who have access to sensitive logistics routes or infrastructure related to international military support efforts.