Hackers target German government
Attack on network caused considerable damage; blame focused on Russian group
BERLIN — A cyberattack on German government computer systems thought to have been committed by a Russian-backed hacking group is ongoing and may have caused “considerable damage,” members of parliament’s intelligence oversight committee said Thursday.
News of the hack broke Wednesday with a report from German news agency dpa, and committee members expressed outrage that they first learned of the attack, discovered in December, from the media.
“While there may be good arguments about why some of the information was kept tight during the past weeks, it is completely unacceptable that yesterday afternoon we were informed by dpa,” Greens lawmaker Konstantin von Notz told reporters.
Citing unidentified security sources, dpa reported that investigators believe a Russian group known as Snake carried out the hack that breached Germany’s foreign and defence ministries and managed to steal data. It said the attack was uncovered in December and may have been going on for a year.
The Interior Ministry on Wednesday confirmed that networks belonging to the “federal administration” had been hacked into, saying “the attack was isolated and brought under control.”
An Interior Ministry spokesperson wouldn’t give further details, citing the ongoing analysis and security measures being taken.
Armin Schuster, a member of Chancellor Angela Merkel’s Christian Democrats and chair of the intelligence oversight committee, called it a “veritable attack” on the government network.
“It’s an ongoing attack and therefore public discussions about details would simply be a warning to the attacker which we don’t want to give,” he said after an emergency meeting of the committee. “The spilling of secrets caused considerable damage, but the government, as of today, is trying to limit the damage.”
German media reported the breach was allowed to continue so investigators could gather information about the scope and the targets of the attack, and its initiators.
According to Germany’s domestic intelligence agency, Snake — the group suspected to be behind the attack — first surfaced in 2005 and uses “a very complex and high quality software” that also goes by the name Uroburos or Turla.
The dpa news agency reported that the attackers entered government networks through a training academy for civil servants, then carefully made their way into other parts of the system. Officials confirmed there were “indications” that Russian hackers were behind the attack.