BERLIN — A cyberattack on German government computer systems thought to have been committed by a Russian-backed hacking group is ongoing and may have caused “considerable damage,” members of parliament’s intelligence oversight committee said Thursday.
News of the hack broke Wednesday with a report from German news agency dpa, and committee members expressed outrage that they first learned of the attack, discovered in December, from the media.
“While there may be good arguments about why some of the information was kept tight during the past weeks, it is completely inacceptable that yesterday afternoon we were informed by dpa,” Greens lawmaker Konstantin von Notz told reporters.
Citing unidentified security sources, dpa reported that investigators believe a Russian group known as Snake carried out the hack that breached Germany’s foreign and defense ministries and managed to steal data. It said the attack was uncovered in December and may have been going on for a year.
Earlier, dpa had reported that the group behind the attack was APT28, also known by other names including “Fancy Bear.” APT28, which has been linked to Russian military intelligence, has previously been blamed for attacks on the German Parliament in 2015, as well as on NATO, governments in eastern Europe, the U.S. election campaign, anti-doping agencies and other targets.
The Interior Ministry on Wednesday confirmed that networks belonging to the “federal administration” had been hacked into, saying “the attack was isolated and brought under control.”
An Interior Ministry spokesman wouldn’t give further details, citing the ongoing analysis and security measures being taken.
Armin Schuster, a member of Chancellor Angela Merkel’s Christian Democrats and chairman of the intelligence oversight committee, called it a “veritable attack” on the government network.
“It’s an ongoing attack and therefore public discussions about details would simply be a warning to the attacker which we don’t want to give,” he said after an emergency meeting of the committee. “The spilling of secrets caused considerable damage, but the government, as of today, is trying to limit the damage.”
Left Party lawmaker and intelligence oversight committee member Andre Hahn said that in his opinion the government is trying to “downplay” the significance of the attack.
“I fear that in the coming weeks quite a bit more will come to light,” he said.
German media reported the breach was allowed to continue so investigators could gather information about the scope and the targets of the attack, and its initiators.
According to Germany’s domestic intelligence agency, Snake — the group suspected to be behind the attack — first surfaced in 2005 and uses “a very complex and high quality software” that also goes by the name Uroburos or Turla.
“The selection of targets indicates state interests: those affected are government agencies and targets in business and research,” Germany’s BfV spy agency said in its annual report for 2016.
The dpa news agency reported that the attackers entered government networks through a training academy for civil servants, then carefully made their way into other parts of the system.
Following dpa’s report Wednesday, officials confirmed that there were at least “indications” that Russian hackers were behind the attack.
“If it turns out to be true, it is a form of warfare against Germany,” the head of the digital affairs committee, Dieter Janacek from the Greens party, told the Berliner Zeitung newspaper. Janacek characterized the attack as “severe” and called on the government to pass on the information it has to parliament.
David Rising contributed reporting.