Published: Sun, March 04, 2018
Economy | By

Russian group hacked German government network

Russian group hacked German government network

Parliament's committee for digital affairs conducted an emergency meeting to review the details and demanded more information about the attack which then became public on Wednesday.

Benjamin Read, head of cyber espionage analysis at FireEye, a US-based cyber security firm, said the German incident could be part of a series of attacks carried out by APT28 against United States and European government-related entities in 2016 and 2017. "The spilling of secrets caused considerable damage, but the government, as of today, is trying to limit the damage".

The German Press Agency (DPA) reported, citing unnamed security sources, Russian hackers breached the government network with a piece of malware likely placed in a central government network potentially remaining for up to a year.

The Fancy Bears group is thought to be allegedly linked to Russian Federation by a number of states, however, these claims have never been proven.

He added that the targeted ministries have investigated the cyberattack and added additional measures to protect data.

The country's interior ministry said on Wednesdy that the incident was "isolated and [had been] brought under control within the federal administration". "The incident is being treated as a high priority and with substantial resources", he said.


Following the briefing, opposition lawmakers warned that the hack may have caused "considerable damage" and questioned why Merkel's government had not briefed them on the incident sooner. Ryan Olson, senior threat intelligence director at Palo Alto Netoworks' Unit 42 research team, told CyberScoop that it's not clear if the new research and German data breach are in anyway connected.

Green party leader Katrin Göring-Eckardt said the government only had itself to blame for having failed to keep its network secure. Many are reporting it to be the handiwork of notorious cyber-espionage collective Fancy Bear, which many people believe has ties to the Russian government.

But she added: "At this moment there is no discussion of that".

He declined to give any further information, saying that the attack was continuing, as was an investigation into who might be behind it.

The confirmation of the breach came from Johannes Dimroth, a spokesman for the German Interior Ministry, but he did not comment on the possible perpetrator.

That information, while unconfirmed, was supported by a report by Palo Alto Networks, a cyber security firm, pointing to what it called "a new set of attacks" by Russian hackers that appeared to be aimed at the diplomatic community in the West.

Like this: