The German Interior ministry has confirmed that it has identified a serious attack against its servers, amidst reports that the culprits were the Russian APT28 – aka Fancy Bear – hacking group.
On Wednesday local news site DPA International reported that the German government discovered a serious intrusion into its servers in December 2017. The attack is thought to have seen data exfiltrated for up to a year before its discovery.
Johannes Dimroth, a spokesman for the ministry, confirmed that "government information technology and networks," had been affected by an intrusion. "The incident is being treated as a high priority and with substantial resources," he said.
Fancy Bear has been active for at least a decade. Its activities have often non-Russian government targets. The group was fingered for the Democratic National Committee hack ahead of the 2017 US Presidential election, attacks during the 2017 French election, brazen rummaging in Finnish security forces' servers and even attacks on the sports doping authorities.
In December 2016 Germany's Federal Office for the Protection of the Constitution took the unusual step of issuing a public warning about hacking ahead of national elections in September 2017. That warning named Russia as the likely culprit.
Russia has always denied that it has anything to do with Fancy Bear, but the types of malware used, the software and coding styles, and its choice of targets suggest that Putin and his pals might have Fancy Bear dancing to their tune.
This latest attack on Germany will not serve to warm relations between these two historical enemies. With Russia looking to take an increasingly muscular role in European affairs, hopefully such conflicts will not leave the online realm. ®