German officials are blaming Russian-linked black-hat hackers for breaching several federal agencies and stealing sensitive information.
On 28 February, sources told Deutsche Presse-Agentur (dpa) that the Russian digital espionage group APT28 used malware to target the German government’s secure computer network.
The attack is believed to have affected multiple agencies, including the foreign and defense ministries, the German chancellery, and the Federal Court of Auditors. Those responsible for the breach did steal data, officials confirmed. Even so, the extent to which the black-hat hackers penetrated Germany’s network remains unclear as of this writing.
Germany discovered the attack in December 2017. Sources close to the investigation think the bad actors maintained access to the network for at least a year.
This isn’t the first time that the German government has accused APT28 of targeting its systems. IT members for the federal government blamed the digital espionage group for hacking the German parliament and spying on the offices of German Chancellor Angela Merkel in 2015. Researchers have also blamed the criminals, who also go by the names Sofacy and FANCY BEAR, for a series of security incidents outside of Germany, including hacking attacks directed against NATO, the World Anti-Doping Agency, and the Democratic National Committee.
Moscow has denied any involvement in all of these attacks.
The German parliament’s digital committee is expected to meet on 1 March to discuss the attack. Committee spokesman Manuel Hoeferlin hopes the affected agencies will receive more information about the revelations around that time:
“The successful cyberattack makes clear that the government’s data network is not sufficiently protected. In light of the sensitivity of such information, this is an unacceptable condition. We expect the representatives of the Interior Ministry, the Foreign Ministry, the Defence Ministry and the federal agencies responsible for IT security to offer an explanation.”
Johannes Dimroth, spokesman for the Interior Ministry, said those agencies affected by the attack have already implemented protective measures to help prevent a similar intrusion in the future.
Investigations into the breach remain ongoing as of this writing.