Notorious Russia-linked hacking outfit Fancy Bear has breached a host of high-profile targets around the globe, including the U.S. Democratic National Committee and the International Olympic Committee, according to cyber security experts.
Now, the hacking group has pulled off a wide-ranging penetration of Germany’s government that affected both foreign and defence ministries, in an attack that German officials say could have lasted up to a year.
German security sources told the country’s largest news agency dpa on Wednesday that as early as 2016 the hacking group deployed malicious software to infiltrate multiple agencies and steal data, breaking into the foreign and defense ministries, the Chancellery and Federal Court of Auditors.
Germany’s Interior Ministry publicly confirmed the cyberattack without providing details. "We can confirm that the Federal Office for Information Security (BSI) and intelligence services are investigating a cybersecurity incident concerning the federal government's information technology and networks," a ministry spokesman told Deutsche Welle.
The group reportedly hacked into the "Informationsverbund Berlin-Bonn" (IVBB) network, a government computer system specifically designed to operate separately from other public networks to ensure extra security. The system is used by the German Chancellery, parliament, federal ministries and several security institutions.
The cyber intrusion has been "isolated and brought under control," the Interior Ministry told dpa.
"The incident is being treated as a high priority and with substantial resources," said Johannes Dimroth, a ministry spokesman.
Fancy Bear, sometimes called APT28 or Pawn Storm, is believed to be running a global hacking campaign that’s “as far-reaching as it is ambitious,” according to a report by computer security firm Trend Micro.
Fancy Bear “is an active cyber espionage actor group that has been very aggressive and ambitious in recent years,” Trend Micro wrote. “The group’s activities show that foreign and domestic espionage and influence on geopolitics are the group’s main motives, and not financial gain. Its main targets are armed forces, the defense industry, news media, politicians, and dissidents.”
On Wednesday, cyber security firm Palo Alto Networks released a report saying Fancy Bear now appears to be using malicious emails to target North American and European foreign affairs officials, including a European embassy in Moscow.
Cover image: A soldier watches code lines on his computer at the French Defense ministry stand during the International Cybersecurity forum in Lille, northern France, Tuesday Jan. 23, 2018. (AP Photo/Michel Spingler)