A cyberattack described as “very serious” has been launched on German government IT systems, and is continuing despite promises that it had been brought under control.
The cyberattack has been attributed to a Russian hacking group known as Fancy Bear, but official reports have not confirmed this. It has broadly targeted German government IT systems, and continues to affect the defence and interior ministries’ private networks.
Armin Schuster, an MP who oversees the intelligence services, told the BBC that he was reluctant to comment in detail on the government’s attempts to repel the attack, to avoid tipping off the group responsible.
He said: “It is an ongoing affair, an ongoing attack. So a detailed public discussion would simply be a warning to the attacker which we do not want to make.”
A German interior ministry spokesperson said that the Federal Office for Information Security and intelligence services were still responding to the incident.
How has the attack progressed?
The attack was first reported yesterday yesterday (1 March), and German officials initially assured that it was an isolated attack and was under control. In fact, the media reports that an attack on German government IT systems was initially detected in December, but security staff did not report the attack, even to MPs. It is possible that the attack has been underway for as long as a year.
Instead, the German government allowed the hackers controlled access to their systems, in an attempt to observe the work of the hackers and potentially track down culprits. However today, security officials have confirmed that the attack is ongoing.
What is Fancy Bear?
The Fancy Bear group has previously been linked to an attack on the lower house of the German parliament in 2015. It has also been accused of participating in a hacking attack on the US Democratic National Committee in 2016.
The group is also known by a number of other names, including APT28, and is believed to be linked to Russia’s military intelligence agency.