The senior security official, who spoke on the condition of anonymity because he was not authorized to comment on the record, said the Federal Office for the Protection of the Constitution and the Federal Office for Information Security allowed the malicious program to keep running in recent months so they could monitor hacker activity. But no significant data was transmitted, according to the official. He said at some stage German officials decided to stop monitoring.
The official also said the country’s security agencies suspected that the Russian-linked hacking network known as APT28, or Fancy Bear, was behind the attack. Germany’s Süddeutsche Zeitung reported that the hackers may have had access to German governmental networks for up to a year.
Fancy Bear has previously been connected to a range of cyberattacks, including one in which phishing and malware was used to infiltrate the U.S. Democratic National Committee before the 2016 presidential election, as well as the networks of Emmanuel Macron’s election campaign before last year’s French presidential election, according to the Tokyo-based cybersecurity research group Trend Micro.
The extent of damage in Germany, if any, was not made public. The interior ministry said in a statement that the breach was “isolated and brought under control.”
Still, the revelation that sensitive systems had been penetrated, with potential Russian fingerprints, represented a major breach just three years after suspected Russian hackers broke into the computer networks at the German parliament and made off with 16 gigabytes worth of data, enough for about a million emails. The information stolen in that attack has never been published.
If the Russian link is proved, it could mark a potential escalation in hostilities between Moscow and the West.
“If the details reported so far are accurate, this attack represents an unprecedented incident,” said Sven Herpig, Director for International Cyber Politics at Germany’s New Responsibility Foundation. “The prior hacking of the German parliament was also problematic, but it only lasted for a short period of time.”
He indicated that whoever was behind the latest attack must have assumed that it would eventually become public.
“Following the parliamentary breach, the German government strongly urged Russia to refrain from attacks,” Herpig said. “The likelihood that such incidents become public relatively quickly is high.”
Some experts believe Fancy Bear was also behind the cyberattack on the parliament, known as the Bundestag, though other experts say there’s not sufficient proof. German security officials publicly said they believed that attack was of Russian origin.
Mekhennet reported from Frankfurt, Noack from London and Beck from Berlin. Griff Witte contributed from Athens.
Russian hackers who compromised DNC are targeting the U.S. Senate, company says
Obama’s secret struggle to punish Russia for Putin’s election assault
Today’s coverage from Post correspondents around the world
Like Washington Post World on Facebook and stay updated on foreign news