German government cyberattack was ongoing for months

1 Mar 2018

Berlin, Germany. Image: Canadastock/Shutterstock

The German media is blaming a security breach on Russian hacking group Fancy Bear.

The German news agency DPA reported that hackers were accessing servers belonging to the German government until at least Wednesday (28 February).

Security officials in the country had been working to gather intelligence on the goals and identity of the hacker. Many are reporting it to be the handiwork of notorious cyber-espionage collective Fancy Bear, which many people believe has ties to the Russian government.

German intelligence service agents are meeting today (1 March) to discuss the attack.

An isolated incident

Patrick Sensburg, a member of the government committee tasked with overseeing intelligence agencies in Germany, told ZDF television that analysis of the incident would take time.

Sensburg described the incident as “isolated” and assured viewers that it had been contained safely.

Too early for definite answer

Sensburg also said it was premature at this point to link the attack to Fancy Bear, but did note that there was enough evidence to support claims that the group did have links to Russia.

He described recent cyber-espionage events around the globe as “a sort of war going on with the internet” and neither confirmed nor denied that any data was stolen or what type it may have been.

The breach is apparently more clearly focused on data of higher sensitivity than the 2015 attack of the Bundestag that resulted in gigabytes of data going missing.

The attackers are reported to have targeted the internal communications network of the German federal government with malware.

There have been numerous warnings about foreign interference with Germany’s cybersecurity infrastructure, with last year’s election being a prime example of potential threats.

German interior ministry makes statement

A spokesperson for the German interior ministry yesterday said: “We can confirm that the Federal Office for Information Security and intelligence services are investigating a cybersecurity incident concerning the federal government’s information technology and networks.

“The attack was isolated and brought under control within the federal administration.”

DPA cited security agents who believed the piece of malware placed in the government network could have been there for as long as a year.

Deutsche Welle said: “The hackers reportedly infiltrated the government’s Informationsverbund Berlin-Bonn network, a specially designed communications platform that sits separate from other public networks for supposed added security.”

German opposition politicians are angered by the way it is being handled. “If the government knew about this since December, the fact that lawmakers responsible for oversight of [digital affairs] had to learn of it through the press is really scandalous, said the Left Party’s cyber expert, Anke Domscheit-Berg.

Updated, 2.20pm, 1 March 2018: This article was updated to correct an error regarding the date of a meeting due to take place on 1 March.

Ellen Tannam was a journalist with Silicon Republic, covering all manner of business and tech subjects

editorial@siliconrepublic.com