
After ‘isolated’ hack, Germany says government computers are secure

The German government said on Wednesday that hackers had breached the network of government computers in an isolated attack that had been brought under control and was being investigated by security officials.


A spokesman for the German Interior Ministry told Reuters that the affected government agencies had taken appropriate measures to investigate the incident and protect data. However, he did not comment on German media reports that the attack was launched by APT28/Sofacy, a Russian hacking group that had already hacked the German government in 2015.


According to reports, the group managed to steal data from the Foreign and Defence Ministries in the latest attack. German media reported that the attack took place in December.


Jens Zimmermann, the Social Democrats' (SPD) spokesman for digital issues, said the German parliament's Digital Agenda committee had agreed unanimously to hold an extraordinary meeting, and he tweeted: “The federal government must inform parliament comprehensively.”


News of the attack on German government computers comes after repeated warnings by German intelligence officials about possible meddling by Russia in last year's federal election. Sofacy, a hacking group that targeted Europeans and North Americans last month, is believed to be backed by the Russians and is therefore under suspicion. Moscow has previously denied any involvement in cyberattacks on the German political establishment.


Top German intelligence officials have urged lawmakers to give them greater legal authority to “hack back” in the event of cyberattacks from foreign powers.


Myles Bray, VP EMEA at ForeScout, commented in an email to SC Media UK: “The German government hack underscores the importance of having a strong security posture that starts with a foundation of visibility -- knowing exactly what devices are connecting to your network -- to protect against the sophistication of modern cyberattacks.

“While details are still emerging, there is speculation that the bad actors had access to the network for more than a year before being discovered.

“Today's news is another wakeup call. If the government of one of the most developed nations in the world cannot protect itself, business leaders need to review their own security measures to make sure it is up to the task. Particularly with GDPR and its related fines looming large on the horizon.”


Matthias Maier, security evangelist at Splunk, added in an email to SC: “This disclosure from the German Interior Ministry highlights that every organisation can be targeted and hacked, regardless of its sector or industry. What continues to be key is how prepared organisations are to respond if all prevention techniques that have been deployed fail.

“In this instance the authorities, supported by specialists, need to investigate what happened over a year ago in their environment to identify how the attacker got in, what the weak point was, what was accessed and what systems might have been compromised. Hopefully, the organisation has collected and stored all log data from its entire digital infrastructure in order to put these pieces of the puzzle together.


“The reports so far in the news have indicated that the detection happened in December and it continues to be investigated, highlighting the complexity involved in such a process. It also demonstrates the need for log data to be held in a centralised platform where it can be searched and analysed quickly by multiple stakeholders in an investigation.”
