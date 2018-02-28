Germany Admits Russian Hackers Infiltrated Foreign and Defense Ministries

(Source: Deutsche Welle German Radio; issued Feb 28, 2018)

German security services have admitted they uncovered a Russian cyberattack on the foreign and defense ministries in December. Sources say the malware had been planted up to a year earlier.



The German government admitted on Wednesday that the foreign and defense ministries had been infiltrated by Russian hacking group APT28.



Citing anonymous sources, the German news agency dpa reported the group likely placed a piece of malware in a key government network. The malware could have remained in the government's networks for as long as a year, security officials said.



The German Interior Ministry confirmed the breach. "We can confirm that the Federal Office for Information Security (BSI) and intelligence services are investigating a cybersecurity incident concerning the federal government's information technology and networks," an Interior Ministry spokesman said.



The targeted ministries had since taken necessary measures to investigate the attack and protect their data, the spokesman added.



How much data was intercepted in that time remains unclear.



"Secure" network jeopardized



The hackers reportedly infiltrated the government's "Informationsverbund Berlin-Bonn" (IVBB) network, a specially designed communications platform that sits separate from other public networks for supposed added security. It's used exclusively by the Chancellery, the German parliament, federal ministries, the Federal Audit Office and several security institutions in Berlin and Bonn, the former German capital where some ministries still have offices.



The government said it receives roughly 20 attempted hacking attacks per day, while German intelligence services also carry out penetration tests once per week.



APT28's alleged Kremlin ties



APT28, also known as Fancy Bear, has been linked to Russian military intelligence. The group was identified as the likely source of an attack on the German parliament in 2015, as well as NATO and governments in eastern Europe.



The group's 2015 attack on the Bundestag was so far-reaching that the German government was forced to replace its entire IT infrastructure.



German officials had feared that a trove of private documents could be released ahead of last September's federal elections, as happened just before the final round of the French election in May. However, those fears proved unfounded.



