Germany Says Hackers Infiltrated Main Government Network

BERLIN — Hackers using highly sophisticated software penetrated the German government’s main data network, a system that was supposed to be particularly secure and is used by the chancellor’s office, ministries and the parliament, government officials have said.

German news outlets, citing security sources, have widely blamed a Russian hacking group backed by the Russian government — either one called Snake, or another known as APT28, or Fancy Bear. But Berlin has not publicly said who was behind the attack.

The attack was narrowly targeted, apparently seeking specific information, said Patrick Sensburg, a lawmaker with the governing Conservative Party. Officials would not say how successful the intrusion was, or what data the hackers may have taken.

The parliamentary committee responsible for monitoring Germany’s intelligence services called a special session Thursday, demanding information about the hacking, which was first reported Wednesday by the German news agency DPA.

“We have suffered a veritable cyberattack on parts of the government network,” Armin Schuster, a member of Chancellor Angela Merkel’s conservative party, told reporters Thursday.

He declined to give any further information, saying that the attack was continuing, as was an investigation into who might be behind it. “A public discussion would serve as a warning to the attackers that we simply do not want to give them,” Schuster said.

Germany’s Interior Ministry confirmed the attack Wednesday, describing it as “isolated” and having been “brought under control.” But the ministry would not say whether Russian hackers were responsible, and declined to give any more details.

The attack comes two years after German security officials determined that Fancy Bear hackers were able to breach the German parliament’s data network, leading to calls for increased security on the country’s most sensitive systems.

The same group has been accused of breaching the computer servers of the Democratic National Committee in the United States, leading to the release of embarrassing emails during the 2016 campaign, and of targeting Olympic athletes and circulating their emails.

German security officials warned in the months leading up to a national election in September that the country remained vulnerable to “cyberespionage,” but the country appeared to have escaped any attacks on the level of those seen during the presidential campaigns in the United States and France.

Süddeutsche Zeitung, a left-leaning German daily, reported that the country’s Foreign Ministry had been among the targets of the most recent attack, citing anonymous sources within the ministry. That information, while unconfirmed, was supported by a report by Palo Alto Networks, a cybersecurity firm, pointing to what it called “a new set of attacks” by Russian hackers that appeared to be aimed at the diplomatic community in the West.

Investigators with Palo Alto Networks said that groups associated with Fancy Bear had used “malicious emails targeting foreign affairs agencies and ministries in North America and Europe, including a European embassy in Moscow.” German media reported that the country’s Defense Ministry had also been targeted.

Sensburg refused to place blame on the Russians, insisting that authorities would need time to determine who was behind the attack.

“Whether this really was the work of this hacking collective must be carefully investigated,” he told ZDF, a public broadcaster, before the parliamentary committee convened Thursday. “As this involved the government network, which is used for communication and email traffic and a lot of daily exchanges, but does not primarily involve secret or top-secret information, it must also be carefully examined whether data has been leaked.”

Unlike the 2015 hacking attack on the German parliament, which succeeded in breaching the system and making off with 16 gigabytes of sensitive information, Sensburg said the most recent attack appeared to be more refined, clearly targeting specific information.

Despite attempts to play down the communication exchanged on the government network, known as the IVBB, it would be of interest for anyone seeking to spy on German intelligence. The network allows the chancellery, ministries, security services and federal auditing office to exchange information with one another. Offices in Bonn, the former West German capital, and in Berlin, are included on the specially secured network.

Efforts to bolster Germany’s data security have been a point of debate for months. The country’s military is allowed to legally initiate a cyber-offensive to combat a hacking attack on its resources, but there is no such law that would permit similar defense of the country’s civilian infrastructure.