BERLIN — A cyberattack on German government computer systems thought to have been committed by a Russian-backed hacking group is ongoing and may have caused “considerable damage,” members of parliament’s intelligence oversight committee said Thursday.
News of the hack broke Wednesday with a report from German news agency dpa, and committee members expressed outrage that they first learned of the attack, discovered in December, from the media.
“While there may be good arguments about why some of the information was kept tight during the past weeks, it is completely inacceptable that yesterday afternoon we were informed by dpa,” Greens lawmaker Konstantin von Notz told reporters.
Citing unidentified security sources, dpa reported that the Russian group APT28 hacked into Germany’s foreign and defence ministries and managed to steal data. It said the attack was uncovered in December and may have been going on for a year.
Following the report, the Interior Ministry confirmed a hack of the computers of the “federal administration,” saying “the attack was isolated and brought under control.”
An Interior Ministry spokesman wouldn’t give further details, citing the ongoing analysis and security measures being taken.
Armin Schuster, a member of Chancellor Angela Merkel’s Christian Democrats and chairman of the intelligence oversight committee, called it a “veritable attack” on the government network.
“It’s an ongoing attack and therefore public discussions about details would simply be a warning to the attacker which we don’t want to give,” he said after an emergency meeting of the committee. “The spilling of secrets caused considerable damage, but the government, as of today, is trying to limit the damage.”
Noting the case of a mole in Germany’s foreign intelligence service — convicted in 2016 of selling secrets to the CIA — Left Party lawmaker and intelligence oversight committee member Andre Hahn said that in his opinion “there’s an attempt to downplay this” again in the government.
“I fear that in the coming weeks quite a bit more will come to light,” he said.
According to German media, the breach was allowed to continue so investigators could gather information about the scope and the targets of the attack, and its initiators.
APT28, which has been linked to Russian military intelligence, has previously been identified as the likely source of an attack on the German Parliament in 2015, as well as on NATO and governments in eastern Europe.
Also known by other names including “Fancy Bear,” APT28 has also been blamed for hacks of the U.S. election campaign, anti-doping agencies and other targets.
Following dpa’s report, officials confirmed that there were at least “indications” the Russian hacker group was behind the attack.
“If it turns out to be true, it is a form of warfare against Germany,” the head of the digital affairs committee, Dieter Janacek from the Greens party, told the Berliner Zeitung newspaper. Janacek characterized the attack as “severe” and called on the government to pass on the information it has to parliament.