Cyberattack against German government 'ongoing'

Spokesman Armin Schuster talking to journalists after a meeting about the hack at the parliament in Berlin.
Spokesman Armin Schuster talking to journalists after a meeting about the hack at the parliament in Berlin.PHOTO: AFP

BERLIN (AFP) - Germany's government IT network is suffering an "ongoing" cyberattack, the parliamentary committee on intelligence affairs said on Thursday (March 1), without confirming a media report that Russian hackers were behind the assault.

"It is a real cyberattack on parts of the government system. It's an ongoing process, an ongoing attack," said Armin Schuster, chairman of the committee, adding that no further details could be given to avoid passing crucial information on to the attackers.

Quoting unnamed security sources, German news agency DPA reported on Wednesday that the same group of Russian hackers blamed for hitting the German parliament's IT system in 2015 had now infiltrated a broader government network that includes the foreign and interior ministries.

It said the hacker group known as APT28 - which has been linked to Russia's GRU military intelligence agency and accused of attacks on Hillary Clinton's 2016 presidential campaign - managed to plant malware in the ministries' networks for possibly as long as a year.

German security authorities only detected the online spying in December, the report said.

Konstantin von Notz, deputy of the committee, complained it was "completely unacceptable" that members of the oversight body only learnt of the attack through the media.

The government insisted the attack was being contained.

The interior ministry's parliamentary state secretary, Ole Schroeder, told regional newspaper group RND that the attack was "under control" after "a very successful operation by the federal security authorities".

"We succeeded, through excellent cooperation, to isolate and bring under control a hacker attack on the federal network," he said, adding however that the security measures had "not yet been completed".


Top security officials had repeatedly warned during Germany's 2017 general election campaign that Russian hackers may seek to influence or disrupt the polls.

While authorities did not have concrete proof, they have pinned the malware attack that crippled the Bundestag parliamentary network in 2015 for days on the APT28, also known as "Fancy Bear" or "Sofacy".

The attack netted 17 gigabytes of data which, officials feared, could be used to blackmail MPs or discredit them.

In a separate assault, several German political parties were in September 2016 sent fake emails purporting to be from Nato headquarters that contained a link that installed spying software on victims' computers.

The emails affected party operations such as a regional network of Chancellor Angela Merkel's Christian Democratic Union and the federal offices of the far-left Die Linke party.

Amid the rising frequency of attacks, Germany's defence ministry in 2016 set up a cyber department to coordinate the response to online intrusions.

Merkel, preparing the German population to deal with online attacks, has said that people should "not allow themselves to be irritated" by such rogue operations.

"You just have to know that there's such a thing and learn to live with it," she said.