BERLIN — Far-right German politician Ringo Mühlmann has taken a noteworthy interest in exposing information his political opponents say could be of great interest to Russian intelligence. Using the rights afforded to him as a lawmaker for the Alternative for Germany (AfD) in the parliament of the eastern German state of Thuringia — where the AfD is the strongest party  — Mühlmann has repeatedly asked the regional government to disclose intricate details on subjects such as local drone defenses and Western arms transports to Ukraine. “What information does the state government have about the extent of military transit transports through Thuringia since 2022 (broken down by year, type of transport [road, rail], number of transits, and known stops)?” Mühlmann asked in writing in September. One day in June, Mühlmann — who denies he is doing Russia’s bidding — filed eight inquiries related to drones and the drone defense capabilities of the region’s police, who are responsible for detecting and fending off drones deemed a spy threat. “What technical systems for drone defense are known to the Thuringian police (e.g., jammers, net launchers, electromagnetic pulse devices), and to what extent have these been tested for their usability in law enforcement?” Mühlmann asked. Such questions from AfD lawmakers on the state and federal parliaments have led German centrists to accuse the far-right party’s lawmakers of using their seats to try to expose sensitive information that Moscow could use in its war on Ukraine and to help carry out its so-called “hybrid war” against Europe. “One cannot help but get the impression that the AfD is working through a list of tasks assigned to it by the Kremlin with its inquiries,” Thuringian Interior Minister Georg Maier, a member of the center-left Social Democratic Party (SPD), told German newspaper Handelsblatt. “What struck me was an incredible interest in critical infrastructure and the security authorities here in Thuringia, especially how they deal with hybrid threats,” Maier subsequently told POLITICO. “Suddenly, geopolitical issues are playing a role in their questions, while we in the Thuringian state parliament are not responsible for foreign policy or defense policy.”  ‘PERFIDIOUS’ INSINUATIONS AfD leaders frequently take positions favorable to the Kremlin, favoring a renewal of economic ties and gas imports and a cease of weapons aid for Ukraine. Their political opponents, however, have frequently accused them of acting not from conviction alone — but at the behest of Moscow. Greens lawmaker Irene Mihalic, for instance, last month called the party Russian President Vladimir Putin’s “trojan horse” in Germany. AfD politicians deny allegations they are using their rising parliamentary power both nationally and in Germany’s states to try to pass on sensitive information to the Kremlin. Tino Chrupalla, one of the AfD’s national leaders, strongly pushed back against the allegations his party is attempting to reveal arms supply routes to benefit the Kremlin.   “Citizens have legitimate fears about what they see and experience on the highways every evening,” he said in a talk show last month when asked about Mühlmann’s inquiries. “These are all legitimate questions from a member of parliament who is concerned and who takes the concerns and needs of citizens seriously. You are making insinuations, which is quite perfidious; you are accusing us of things that you can never prove.” Tino Chrupalla, one of the AfD’s national leaders, strongly pushed back against the allegations his party is attempting to reveal arms supply routes to benefit the Kremlin.  | Thomas Lohnes/Getty Images Mühlmann, a former police officer, speaking to POLITICO, denied that he’s following an assignment list “in the direction of Russia.” Government ministers, while obligated to answer each parliamentary inquiry, are not obliged to reveal sensitive or classified information that could endanger national security, Mühlmann also argued. “It is not up to me to limit my questions, but up to the minister to provide the answers,” he said. “If at some point such an answer poses a danger or leads to espionage, then the espionage is not my fault, but the minister’s, because he has disclosed information that he should not have disclosed.” FLOOD OF PARLIAMENTARY QUESTIONS Marc Henrichmann, a conservative lawmaker and the chairman of a special committee in Germany’s Bundestag that oversees the country’s intelligence services, said that while the government is not obliged to divulge classified or highly sensitive information in its answers to parliamentary questions, Russian intelligence services can still piece together valuable insights from the sheer volume and variety of AfD inquiries. “Apart from insignificant inquiries and sensitive inquiries, there is also a huge gray area,” Henrichmann said. “And what I have regularly heard from various ministries is that individual inquiries are not really the problem. But when you look at these individual inquiries side by side, you get a picture, for example, of travel routes, aid supplies, and military goods to or in the direction of Ukraine.” Henrichmann said AfD parliamentary questions in the Bundestag on subjects such as authorities’ knowledge of Russian sabotage and hybrid activities in the Baltic Sea region as well as of the poisoning of the late Russian opposition leader Alexei Navalny had caught his attention and raised concerns. “Apart from insignificant inquiries and sensitive inquiries, there is also a huge gray area,” Marc Henrichmann said. | Niklas Graeber/picture alliance via Getty Images AfD factions in German state parliaments have submitted more than 7,000 security-related inquiries since the beginning of 2020, according to a data analysis by Spiegel — more than any other party and about one-third of all security-related inquiries combined. In Thuringia — where state intelligence authorities have labelled the AfD an extremist group — the party has submitted nearly 70 percent (1,206 out of 1,738) of all questions filed this legislative period. In the Bundestag, the parties parliamentary questions account for more than 60 percent of all inquiries (636 out of 1,052). The AfD’s strategic use of parliamentary questions is nothing new, experts say. Since entering the Bundestag in 2017, the party has deployed them to flood ministries and to gather information on perceived political adversaries, experts say “From the outset, the AfD has used parliamentary questions to obstruct, paralyze, and also to monitor political enemies,” said Anna-Sophie Heinze, a researcher at the University of Trier. With regard to the flood of inquiries related to national security, the question of what is driving the AfD is largely irrelevant, Jakub Wondreys, a researcher at the Technical University Dresden who studies the AfD’s Russia policy, said. “It’s not impossible that they’re acting on behalf of Kremlin. It’s also possible that they are acting on behalf of themselves, because, of course, they are pro-Kremlin. But the end result is pretty much the same. These questions are a potential threat to national security.”

BERLIN — One of Hungary’s most outspoken critics in Brussels has filed a criminal complaint against Hungarian Prime Minister Viktor Orbán following a failed attempt to hack his email account using spyware in the run-up to the European Parliament elections. German Green MEP Daniel Freund and German NGO the Society for Civil Rights named “Viktor Orbán and unknown” in the complaint, which was seen by POLITICO, and requested that the state prosecutor in the western German city of Krefeld and cyber crime authorities launch an investigation. “There are indications that the Hungarian secret service is behind the attack,” Freund and the NGO said in a joint statement on Wednesday. The complaint gives details about an email that someone claiming to be a Ukrainian student sent to Freund’s parliamentary email address at the end of May 2024. The message asked the MEP to write a short message in which he would share his “beliefs concerning the accession of Ukraine to the European Union,” as well as a link. Freund did not click on the link. The complaint said that Parliament warned Freund that the link contained spyware likely made by the Israeli company Candiru, which was blacklisted by the U.S. government in 2021 for human rights violations. “According to the EU Parliament’s IT experts, the Hungarian government could be behind the eavesdropping on me,” Freund said in a statement. “This comes as no surprise: Orbán despises democracy and the rule of law. If the suspicion is confirmed, it would be an outrageous attack on the European Parliament.” Freund and the NGO asked prosecutors to open an investigation to clarify “the facts of the case” through investigative measures including the questioning of witnesses and conducting an independent forensic analysis. The Hungarian government had not responded to a request for comment at the time of publication. If a device is infected with spyware, attackers can access all stored data and communications. They can also activate the camera and microphone to listen in on conversations. Freund has been one of the key players to have successfully advocated for EU funds for Hungary to be frozen. He also led a push to suspend Hungary’s presidency of the Council of the EU last year.

French prosecutors said Friday that foreign interference is behind a wave of apparently provocative acts — from stunts targeting Muslims to antisemitic graffiti — that have struck Paris in the last two years. Pig heads were found outside nine mosques on Tuesday, shocking the Paris region. “Several of the pig heads had the inscription ‘MACRON’ written in blue ink,” the prosecutor’s office said earlier this week. Prosecutors have not yet publicly named a state actor as being responsible for the various incidents, but the cases echo tactics previously attributed to Russian networks seeking to exploit social fractures in Europe. Foreign interference is “something we must take into account, and that we do take into account, since in making an assessment of this type of acts that have taken place in the Paris area since October 2023, we have nine cases,” Paris prosecutor Laure Beccuau told BFMTV on Friday. “It started with the blue Stars of David,” Beccuau said, referring to an incident that saw the symbols daubed on building walls in the French capitals’s 14th district in October 2023 — and was later linked to pro-Russian interference. “Then came the ‘red hands,’ then splashes of green paint,” she said about attacks that targeted the Paris Holocaust memorial in 2024 and 2025. Earlier this month, pro-Russian posters were discovered on several pillars of the Arc de Triomphe, showing the image of a soldier with the caption, “Say thank you to the victorious Soviet soldier.” Beccuau said investigators have identified similar patterns in the modus operandi of individuals of Eastern European origin arriving for a short period of time in France to carry out these acts. “Sometimes they take photos of what they have done, and send the photos beyond the borders to sponsors,” she said. “Some of the sponsors have been identified … so we are fully able to be convinced that these acts are operations of interference.” Since Russia’s full-scale invasion of Ukraine began in February 2022, French authorities have accused Moscow of spreading disinformation and orchestrating symbolic provocations designed to sow mistrust in institutions and deepen religious or political tensions. Clea Caulcutt contributed to this report.

Prosecutors in Italy opened an investigation on Wednesday into a pornographic website that reportedly included images of female MPs and journalists, including Prime Minister Giorgia Meloni. The Italian leader said she was “disgusted” after learning that doctored images of her and other women appeared on the adult content platform, and called for those responsible to be punished “with the utmost firmness.” The site had more than 700,000 subscribers before it was closed last week. The photos were taken without consent from social media accounts, public sources and OnlyFans accounts, then doctored to emphasize intimate body parts or portray the women in sexual poses. Posts elicited often sexist and sexually explicit comments from male users. One victim told the news website Fanpage the site demanded up to €1,000 a month from victims to take down the pictures. Florence prosecutors opened the investigation after several center-left politicians complained to the police department tackling cybercrime. Hundreds of women have now filed reports. Under prosecutors’ plans, the probe will become part of a massive investigation into revenge porn sites, including a Facebook group called “Mia Moglie,” which saw men sharing intimate images of their own wives and partners online. It was deleted by Meta last week for “for violating our Adult Sexual Exploitation policies.” “I am disgusted by what has happened,” Meloni told Corriere della Sera last week. “I want to extend my solidarity and support to all the women who have been offended, insulted and violated.” She added: “It is disheartening to note that in 2025, there are still those who consider it normal and legitimate to trample on a woman’s dignity and target her with sexist and vulgar insults, hiding behind anonymity or a keyboard.” Senator Mara Carfagna, leader of the center-right We Moderates party, whose pictures also appeared on the website, said it was “horrifying” and has proposed legislation requiring platforms to register the real identity of users and strengthen the copyright of images. Italy introduced the crime of revenge porn — the sharing of sexually explicit images or videos, which were intended to remain private — back in 2019.

Russian basketball player Daniil Kasatkin was arrested in France on a hacking charge at the request of the United States. U.S. authorities believe Kasatkin negotiated payoffs for a ransomware ring that hacked around 900 companies and two federal government entities in the U.S., demanding money to end their attacks, according to a report from AFP. Kasatkin, who was arrested on June 21, denies the allegations. His lawyer, Frédéric Bélot, told POLITICO that Kasatkin is a “collateral victim of that crime” because he bought a second-hand computer with malware.  “He’s not a computer guy,” Bélot said. “He didn’t notice any strange behavior on the computer because he doesn’t know how computers work.” A French court denied Kasatkin bail on Wednesday, and he remains in jail awaiting formal extradition notification from U.S. authorities, according to Bélot. Kasatkin had traveled to France to visit Paris with his fiancée and was detained shortly after arriving at the airport. He played collegiate basketball briefly at Penn State, then four seasons for the Moscow-based MBA-MAI team. Bélot said Kasatkin’s physical condition has deteriorated in jail, which he argued is harming his athletic career. Joshua Berlinger contributed to this report. 

The International Criminal Court (ICC) said it was hit by a “sophisticated and targeted” cyberattack as NATO leaders gathered in The Hague for a summit last week. The ICC, which is based in The Hague, said it detected the incident “late last week” and had contained the threat. “A Court-wide impact analysis is being carried out, and steps are already being taken to mitigate any effects of the incident,” the court said in a statement on Monday. The Hague was the scene of the NATO Summit early last week. Dutch cybersecurity authorities reported a series of cyberattacks known as distributed denial-of-service (DDoS) attacks against local governments and other institutions in the run-up and during the summit. Those attacks, limited in impact, were claimed by known pro-Russian hacktivist groups online. A power outage also caused massive disruption to train traffic in the country last Tuesday. Dutch authorities said they were investigating the incident and the country’s justice minister said he couldn’t rule out sabotage as a possible cause. The ICC in 2023 also reported a hack of its computer systems it believed was an attempt to spy on the institution. The global tribunal has recently come under scrutiny after it issued arrest warrants for Israeli Prime Minister Benjamin Netanyahu and his former defense minister, Yoav Gallant, over Israel’s military campaign in Gaza. The U.S. Trump administration has slapped sanctions on the court’s Chief Prosecutor Karim Khan in response to the arrest warrants. Khan also lost access to his email provided by Microsoft in May, in an incident that has galvanized a political push in Europe to wean off American technology for critical communications.

PARIS — French authorities have denied Telegram founder Pavel Durov’s request to travel to the U.S. for “negotiations with investment funds.” The Paris prosecutor’s office told POLITICO that it rendered its decision on May 12 “on the grounds that such a trip abroad did not appear imperative or justified.” Durov was arrested in August 2024 at a French airport and has been under strict legal control since last September, when he was indicted on six charges related to illicit activity on the messaging app he operates. He is forbidden to leave France without authorization — which he obtained to travel to Dubai from March 15 to April 7, the prosecutor’s office said. Russian-born Durov is a citizen, among other countries, of France and the United Arab Emirates.  Durov’s lawyers in France did not immediately respond to POLITICO’s request for comment. POLITICO has also reached out to his U.S.-based spokesperson for comment. Durov has grown increasingly critical of French authorities since his arrest. On Sunday, as voters headed to the polls for the Romanian presidential election runoff, Durov alleged that the French government — including the head of France’s foreign intelligence agency, Nicolas Lerner — asked him to ban conservative voices on Telegram ahead of the vote. Paris vehemently denied Durov’s claims.

Russian and Iranian agents are behind “state-sponsored terrorism” against Europe, the European Union’s top diplomat said Wednesday, responding to revelations that Russia was recruiting people in Europe to spread disinformation and conduct sabotage and cyberattacks. European public broadcasters revealed Tuesday that pro-Russia hacktivist groups were actively approaching people on social media site Telegram to conduct sabotage and vandalism and support disruptive operations across Europe. Journalists saw and directly received requests to carry out various acts of sabotage, including plastering the EU quarter with anti-NATO stickers and collecting the email addresses of 30 Belgian journalists seen as sympathetic toward the Ukrainians. Participants were promised payments in cryptocurrencies in exchange for the support. “This is the war that is going on in the shadows,” EU High Representative for Foreign Affairs and Security Policy Kaja Kallas told Belgian broadcaster VRT in response. Recent incidents across Europe range from cyberattacks and espionage to targeted arson, undersea cable sabotage and GPS jamming. These attacks “against us are on the rise,” Kallas said. The EU and NATO have ramped up their defenses against such “hybrid threats” in the past months. Kallas singled out Russia and Iran as countries particularly active in Europe. A potential cease-fire between Ukraine and Russia won’t stop these types of attacks in Europe, security officials warned. “This is the war that is going on in the shadows,” EU High Representative for Foreign Affairs and Security Policy Kaja Kallas said. | John Thys/Getty Images NATO’s Deputy Assistant Secretary-General for Innovation, Hybrid and Cyber James Appathurai told VRT that he was “absolutely convinced” that cyberattacks would continue to take place even if Moscow and Kyiv can come to an agreement about putting down their arms. Adversaries “cannot attack us militarily and do not intend to do so. But they are frustrated and want to execute their ambitions in other ways,” Appathurai said.

Cybersecurity experts including the United Kingdom’s former cybersecurity chief are pouring cold water over Elon Musk’s suggestion that a large-scale cyberattack on his social media site X came from Ukraine. Musk on Monday said X had been deluged by a “massive cyberattack” involving “either a large, coordinated group and/or a country.” The tech mogul and close ally of United States President Donald Trump later told the Fox Business channel that “there was a massive cyberattack to try to bring down the X system, with IP addresses originating in the Ukraine area.” But cybersecurity experts were quick to push back. “What Mr. Musk has said is wholly unconvincing based on the evidence so far. It’s pretty much garbage,” Ciaran Martin, a former chief executive of the United Kingdom’s cybersecurity agency, who now teaches at Oxford University, told the BBC on Tuesday morning. The cyberattack on X  impacted users since at least Monday morning and destabilized many features on the website, such as viewing posts and user profiles. Musk’s statements and cybersecurity experts’ observations suggest it was a so-called distributed-denial-of-service attack (DDoS), which involves pointing an overwhelming amount of traffic at a website to bring it down. In a DDoS attack, the origin of IP addresses is largely irrelevant: The attacks come from networks of electronic devices spread across the world, called “botnets,” that direct the traffic to a targeted website. Martin said that could mean some of those devices were from Ukraine, but “some of them will be from Russia, some will be from Britain, from the U.S., South America, everywhere. It tells you absolutely nothing.” Dmitry Budorin, founder of Ukrainian cybersecurity firm Hacken, said on X that DDoS attacks “botnets use hijacked devices worldwide, and the IP addresses seen in the attack traffic are just those of the infected machines, not the masterminds.” Reuters reported an industry source saying the amount of traffic coming from Ukraine appeared “insignificant.” A pro-Palestinian group called Dark Storm claimed responsibility for the attack on its Telegram channel. Cybersecurity researchers at Check Point Research, which has been tracking the group, told POLITICO the Dark Storm group had appeared to show proof that it had carried out the attack — but a spokesperson for Check Point warned that attribution “remains complex.” The cyberattacks on Monday came after days of organized protests and vandalism at industry sites of Musk’s car company Tesla, directly targeting the world’s richest man’s business interests in protest of his role spearheading massive cuts to government departments. Musk has also clashed with Ukraine’s government in recent weeks, including in an ongoing spat about Kyiv’s use of his satellite network Starlink. Lukasz Olejnik, a cybersecurity consultant and visiting senior research fellow at King’s College London, said “multiple scenarios should be considered” when analyzing Musk’s response, “including a potential false-flag operation, perhaps trying to blame Ukraine.” “In realistic terms, such a DDoS should not become a world-impacting event. But the figure of Musk and his importance in current U.S. politics changes the outlook,” Olejnik said.

PARIS — French Foreign Affairs Minister Jean-Noël Barrot voiced his confusion over reports that the United States’ Defense Secretary Pete Hegseth has ordered a halt of offensive cyber operations against Russia. “I have a bit of trouble understanding [Hegseth’s decision],” Barrot told public radio France Inter Monday. The French minister said European Union countries “are constantly the targets” of Russian cyberattacks. Cybersecurity publication The Record on Friday reported that Hegseth had ordered U.S. Cyber Command to stand down from planning offensive cyber operations against Russia. The report was confirmed by other publications shortly after. Cyber Command is the U.S. Department of Defense’s section conducting cyberattacks and cyberdefensive operations. Hegseth’s move raised eyebrows in Europe, where Russia is seen as a main threat in cyberspace together with China. Both French diplomatic officials and President Emmanuel Macron have repeatedly accused Russia of engaging in hybrid warfare against France through cyberattacks. “Russia is attacking us on information, cyber,” Macron said last month, claiming that Moscow was seeking to “destabilize our democracies.” A report published on Feb. 24 by Viginum, the French digital interference service, said France was “the subject of a particularly aggressive and persistent targeting by Russian information threat actors.”