Russians suspected of new German attack may 'have been inside system for a year'

German intelligence services and federal specialists are investigating "an IT security incident".
Written by David Meyer, Contributor

Video: Australia blames Russia for NotPetya attacks

Hackers -- possibly Russian -- have reportedly had access to the German government's secure network for over a year.

As first revealed by German news agency DPA, the hackers were able to steal data in the intrusion, which was apparently spotted in December.

The report quoted unnamed sources as saying the chief suspect is the notorious APT28 or Fancy Bear group, which was reportedly behind the German parliament's big 2015 hacking and, months later, the Democratic National Committee (DNC) compromise in the US.

Fancy Bear is widely believed to be under the Kremlin's control. Apart from the Bundestag and DNC, its targets have included everyone from the Ukrainian military and US defense contractors, to Russian opposition parliamentarians and the Putin-critical punk group Pussy Riot.

The group's previous German hack involved the Bundestag's regular network. This time it's the secure Berlin-Bonn Information Network (IVBB), an intranet run by the Interior Ministry that comes with higher usage restrictions for users and is supposed to be firewalled to the gills.

According to Der Spiegel, it seems the Foreign Office was targeted, and possible the Defense Ministry as well.

Other users of the IVBB include the Chancellery, the Federal Audit Office and the Bundestag.

Johannes Dimroth, an Interior Ministry spokesman, said in a statement that the intelligence services and Federal Office for Information Security (BSI) were currently investigating "an IT security incident", and "appropriate measures" to protect the network have been taken.

"The attack was isolated and brought under control," Dimroth said, adding that the "ongoing analysis and safeguards" meant no more could be divulged at this point.

The Bundestag's intelligence services oversight committee is meeting Thursday afternoon, and the Interior Ministry suggested that more news on the intrusion may be coming on Friday.

According to Deutsche Welle, opposition lawmakers from three parties -- the FDP, Greens and Left -- are scandalized that they only learned about the attack from the press.

"We expect representatives at the Interior Ministry, Foreign Ministry, Defense Ministry and Federal Office for Information Security to explain themselves," said Manuel Höferlin of the FDP.


The intranet run by the German Interior Ministry comes with higher usage restrictions for users and is supposed to be firewalled to the gills.

Image: Bundesministerium des Innern

Previous and related coverage

Dutch spies tipped off NSA that Russia was hacking the Democrats, new reports claim

Netherlands intelligence penetrated Russia's US election hackers and alerted US counterparts, sources say.

US election hack: Microsoft wins latest round in court against Fancy Bear phishers

A US judge has banned the Fancy Bear hackers from attacking Microsoft's customers.

Four things we learned when Facebook, Google, Twitter testified in Russia inquiry

Tuesday's hearing in the Senate marks the first of several hearings involving the tech giants and how Russian-backed hackers and propagandists used their services to spread misinformation and false news.

Editorial standards