German government network hack caused ‘considerable damage’
The Russian group APT28 hacked into the foreign and defence ministries and managed to steal data for as long as a year, reports said.
A cyber attack on German government computer systems thought to have been committed by a Russian-backed hacking group is ongoing and may have caused “considerable damage”, members of a German parliament committee said.
MPs on the intelligence oversight committee expressed outrage that they first learned of the APT28 attack, discovered in December, from the media after a report by German news agency dpa.
Greens MP Konstantin von Notz said: “While there may be good arguments about why some of the information was kept tight during the past weeks, it is completely unacceptable that yesterday afternoon we were informed by dpa.”
Citing unidentified security sources, the dpa reported that the Russian group APT28 hacked into Germany’s foreign and defence ministries and managed to steal data. It said the attack was uncovered in December and may have been going on for a year.
Following the report, the interior ministry confirmed a hack of the computers of the federal administration, saying the attack was “isolated and brought under control”.
Armin Schuster, a member of Chancellor Angela Merkel’s Christian Democrats and chairman of the intelligence oversight committee, called it a “veritable attack” on the government network.
He said: “It’s an ongoing attack and therefore public discussions about details would simply be a warning to the attacker, which we don’t want to give.
“The spilling of secrets caused considerable damage, but the government, as of today, is trying to limit the damage.”
Noting the case of a mole in Germany’s foreign intelligence service — convicted in 2016 of selling secrets to the CIA — Left Party MP and intelligence oversight committee member Andre Hahn said that in his opinion “there’s an attempt to downplay this” again in the government.
“I fear that in the coming weeks quite a bit more will come to light,” he said.
According to German media, the breach was allowed to continue so investigators could gather information about the scope and the targets of the attack, and its initiators.
APT28, which has been linked to Russian military intelligence, has previously been identified as the likely source of an attack on the German Parliament in 2015, as well as on Nato and governments in eastern Europe.
Also known by other names including “Fancy Bear”, APT28 has also been blamed for hacks of the US election campaign, anti-doping agencies and other targets.
Following dpa’s report, officials confirmed that there were at least “indications” the Russian hacker group was behind the attack.
“If it turns out to be true, it is a form of warfare against Germany,” the head of the digital affairs committee, Dieter Janacek from the Greens party, told the Berliner Zeitung newspaper.
Mr Janacek said the attack was “severe” and called on the government to pass on the information it has to parliament.