Cyber Attack On German Government

Uploaded on 2018-03-05 in NEWS-Cybersecurity News, INTELLIGENCE--Europe, GOVERNMENT-National, FREE TO VIEW

Cyber spies belonging to the Russian hacker group "APT28" are said to have attacked the federal government's sensitive data network. 

 Kremlin spokesman Dmitry Peskov on Friday 2nd March dismissed a suggestion that Russian hackers were behind a cyber-attack in Germany, saying that Russia was now being blamed for any such attack and without any proof. 

What we know

The security authorities first noticed the attack in mid-December. It is said to have begun no later than summer 2017, in the midst of the election campaign for the September Bundestag elections. It may well be that the attack started much earlier - the security services have not ruled out that it has been going on for a year.

According to information from German intelligence circles, the Russian hacker collective APT28 is behind the attack. Digital security experts also suspect that the Russian government is linked to the hacker group. However, it cannot be completely ruled out that other hackers or countries are also behind the attack, digital traces can also be easily falsified.

According to information from security circles, the foreign and defence ministries have been attacked.

The attack is still ongoing. On Thursday 1st March the Bundestag’s intelligence committee confirmed that the attack was still taking place. Armin Schuster, the head of the committee said that “any public discussion of the attack’s details would be a warning to the attackers that we don’t want to give.” The security services have allowed the attack to continue in order to gather information on the hackers, according to dpa security sources.

But state officials insist it is under control.

The interior ministry's parliamentary state secretary, Ole Schroeder, told regional newspaper group RND that the attack was "under control" after "a very successful operation by the federal security authorities".

"We succeeded, through excellent cooperation, to isolate and bring under control a hacker attack on the federal network," he said, adding however that the security measures had "not yet been completed."

What we don’t know

The attackers are said to have searched for data on specific topics. Rather than steal vast quantities of data, the hackers reportedly chose their targets very carefully. Patrick Sensburg, an MP for the Christian Democrats, said on broadcaster ZDF that it was necessary to check whether any data had been leaked. This isn’t the first time that the APT28 has been accused of hacking German state computer systems. In 2015 they allegedly hacked the Bundestag and stole a total of about 16 gigabytes of data, according to German intelligence services.

Some security experts have however said there is not definitive proof the ATP28 were behind that attack, as the software they use is available online.

Further victims? It is unclear whether other institutions connected to the federal data network, such as security authorities, are also affected by the hacker attack. If the hackers penetrated deeper into the network, the consequences for security would be unforeseeable.

There are many different ways to carry out such an attack. For example, in the cyber-attack on the Bundestag, the Trojans that were ultimately used were assembled in the parliament's network from individual parts hidden in various mail attachments. But nothing has yet leaked out into the public domain on how this attack was carried out.

It is still unclear at this stage what the attack means for the government data network. After the Bundestag attack in 2015, it was the case that in a time-consuming and costly action, the entire data network had to be redesigned.

The Local:         Reuters:

You Might Also Read: 

German Spies Warn Of Chinese Espionage:

Was The German Election Hacked?:

« UK Cyber Attacks Will ‘Get Worse’ Post-Brexit
High Performance Face Recognition »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Link11 GmbH

Link11 GmbH

Link11 provides DDoS protection solutions to protect websites and complete server infrastructures from DDoS attacks.

IEEE Computer Society

IEEE Computer Society

The IEEE Computer Society is the world's leading membership organization dedicated to computer science and technology.

Arcitura Education

Arcitura Education

Arcitura is a leading global provider of progressive, vendor-neutral IT training and certification programs.

Hack in the Box Security Conference (HitBSecConf)

Hack in the Box Security Conference (HitBSecConf)

HITBSecConf is a platform for the discussion and dissemination of next generation computer security issues. Our events feature two days of training and a two-day multi-track conference

Aqua Security Software

Aqua Security Software

Aqua Security helps enterprises secure their cloud native applications from development to production, whether they run using containers, serverless, or virtual machines.

CS Group

CS Group

CS Group offers a complete range of security solutions from consultancy to security maintenance and from secure infrastructure design to security governance.

Military Cyber Professionals Association (MCPA)

Military Cyber Professionals Association (MCPA)

MCPA are a team of Soldiers, Sailors, Airmen, Marines, Veterans and others interested in the development of the American military cyber profession.

Spire Solutions

Spire Solutions

Spire Solutions is the Middle East & Africa region’s leading cybersecurity solution provider and value-added distributor (VAD).

Matias Consulting Group (MCG)

Matias Consulting Group (MCG)

Your Business needs competitive and resilient ICT solutions. MCG defines, deploy & support them enabling you to focus on your core business.

Trusted CI

Trusted CI

Trusted CI, the NSF Cybersecurity Center of Excellence is comprised of cybersecurity experts who have spent decades working with science and engineering communities.

Quintillion Consulting

Quintillion Consulting

Quintillion Consulting is a strategic risk based consulting firm. We help companies safeguard the core business and IT capabilities that deliver competitive advantage.

Absa Cybersecurity Academy

Absa Cybersecurity Academy

Absa Cybersecurity Academy is an initiative aimed at empowering marginalised South African youths to become certified cybersecurity specialists.

MDSec

MDSec

MDSec is a consultancy with a passion for information security. Our consultants specialise in application, mobile and hardware security and targeted red team attacks.

Digimune

Digimune

Digimune is an all-encompassing cloud-based cyber risk protection platform that guards you against the dangers of our digital world.

FoxPointe Solutions

FoxPointe Solutions

FoxPointe Solutions is a full-service cyber risk management and compliance firm.

Kahootz

Kahootz

Kahootz is a highly secure cloud collaboration platform helping teams to work together across organisations.