The German democratic socialist party, Die Linke, confirmed on Thursday that it had recently fallen victim to a major cyberattack. The ransomware syndicate known as Qilin has exfiltrated internal data and is threatening to release the information publicly.
In an official statement, the party noted that the attackers are threatening to publish sensitive internal organizational documents, as well as the personal details of headquarters staff. While the party is still working to determine the full extent of the breach, they have confirmed that the threat to their data is genuine.
Investigation into the Attackers and Their Motives
Die Linke clarified that its membership database remained secure, and the attackers' attempts to access member information were unsuccessful. The party identified the Qilin group as Russian-speaking cybercriminals, noting that their actions appear to be driven by both financial gain and political motives.
“Such digital attacks, particularly the use of ransomware, are often part of hybrid warfare and constitute an assault on critical infrastructure,” the party stated. Die Linke emphasized that the attack on its systems was not a random occurrence.
Qilin officially claimed responsibility for the breach on April 1, listing Die Linke as a victim on its dark web leak site. However, as of now, the group has not released any actual data samples.
Die Linke confirmed that it has reported the incident to the relevant German authorities and has filed a formal criminal complaint. The party is currently working with independent IT security experts to ensure the compromised systems are restored safely.
This is not the first time a German political party has faced such a security threat. In 2024, the cybersecurity firm Mandiant revealed that the Russian-linked APT29 group had targeted the Christian Democratic Union (CDU) using the WineLoader backdoor.
Founded in 2007, Die Linke currently holds 64 seats in the Bundestag, maintains approximately 123,000 registered members, and participates in several state-level coalition governments. Investigations into the incident remain ongoing.
