germany

Germany scrambles to contain cyber attack on government systems

Russian hacking group APT28 is suspected of deploying malware to attack information systems linked to Germany's Foreign and Defence Ministries

Bloomberg
19:50 March 1, 2018

Germany has yet to fully contain a cyber attack on the government's computer networks, indicating the threat is more serious than initially thought.

"The federal government is trying to get the situation under control,"  Armin Schuster, head of the German parliamentary body that oversees intelligence operations, said on Thursday at a press conference in Berlin. "The betrayal of state secrets on its own represents significant damage." 

His comments are in contrast to a statement late Wednesday from the Interior Ministry, which said the incursion was "isolated and under control". 

Russian hacking group APT28 is suspected of deploying malware to attack information systems linked to Germany's Foreign and Defence Ministries, news agency Deutsche Presse-Agentur reported, citing unidentified security officials.

Schuster declined to comment on specifics, saying: "It's an ongoing attack. Because of this, any public discussion about details would simply be a warning to the attackers."

'High-priority case'

German intelligence services and the Federal Office for Security in Information Technology are investigating an incident affecting government data networks, the Interior Ministry said, adding that the incident is a "high-priority case"  and officials were devoting "significant resources"  to the investigation.

The breach was initially discovered in December. German investigators determined that the suspected hackers managed to seize information, DPA cited the officials as saying. The cyber activity may have lasted over a year, it said.

APT28, also known in the intelligence community as "Fancy Bear",  has been linked to attacks against the U.S. Democratic Party, the White House and NATO. The group has targeted European government institutions and private companies over the past few months, according to Ben Read, who tracks cyber espionage for IT security company FireEye.

"This group has a lot of resources,"  Read said in a telephone interview. "APT28's primary mission is to gather intelligence in support of the Russian government. The Russian government wants to know what's Germany's foreign policy is. It's important to them."