German investigators uncovered a possible Russian state attack on the government in December which infiltrated a secure communications network, it has emerged.
The country’s Interior Ministry confirmed the incident yesterday, with reports suggesting that the hackers were allowed to stay in the system so that investigators could find out more about them.
“We can confirm that the Federal Office for Information Security (BSI) and intelligence services are investigating a cybersecurity incident concerning the federal government’s information technology and networks,” a spokesperson told reporters.
“The attack was isolated and brought under control within the federal administration.”
It’s unclear how much, if any, data was compromised, but the attackers are said to have accessed the high-security “Informationsverbund Berlin-Bonn” (IVBB) network used exclusively by the Chancellery, the German parliament, federal ministries, the Federal Audit Office and several security institutions in Berlin and Bonn, according to Deutsche Welle.
Russia is again suspected of orchestrating the attack. The infamous APT 28/Fancy Bear group was linked to the 2015 attack on the Bundestag, which apparently exposed the accounts of all lawmakers, including Chancellor Angela Merkel’s.
Splunk security evangelist Matthias Maier claimed that all organizations today can be targeted and hacked.
“In this instance the authorities, supported by specialists, need to investigate what happened over a year ago in their environment to identify how the attacker got in, what the weak point was, what was accessed and what systems might have been compromised,” he added.
“Hopefully, the organization has collected and stored all log data from its entire digital infrastructure in order to put these pieces of the puzzle together.”
ForeScout VP EMEA Myles Bray added that visibility is a vital prerequisite for a strong security posture.
“While details are still emerging, there is speculation that the bad actors had access to the network for more than a year before being discovered,” he said.
“Today’s news is another wake-up call. If the government of one of the most developed nations in the world cannot protect itself, business leaders need to review their own security measures to make sure they are up to the task, particularly with GDPR and its related fines looming large on the horizon.”