Further Cyberattacks On German Government Networks

Cyber spies belonging to the Russian hacker group "APT28" are said to have attacked the federal government's sensitive data network. 

Kremlin spokesman Dmitry Peskov on Friday 2nd March dismissed a suggestion that Russian hackers were behind a cyber-attack in Germany, saying that Russia was now being blamed for any such attack and without any proof. 
What we know

The security authorities first noticed the attack in mid-December. It is said to have begun no later than summer 2017, in the midst of the election campaign for the September Bundestag elections. It may well be that the attack started much earlier - the security services have not ruled out that it has been going on for a year.

According to information from German intelligence circles, the Russian hacker collective APT28 is behind the attack. Digital security experts also suspect that the Russian government is linked to the hacker group.  However, it cannot be completely ruled out that other hackers or countries are also behind the attack, digital traces can also be easily falsified.

According to information from security circles, the foreign and defence ministries have been attacked.
The attack is still ongoing. On Thursday 1st March the Bundestag’s intelligence committee confirmed that the attack was still taking place. Armin Schuster, the head of the committee said that “any public discussion of the attack’s details would be a warning to the attackers that we don’t want to give.”

The security services have allowed the attack to continue in order to gather information on the hackers, according to dpa security sources. But state officials insist it is under control.

The interior ministry's parliamentary state secretary, Ole Schroeder, told regional newspaper group RND that the attack was "under control" after "a very successful operation by the federal security authorities".

"We succeeded, through excellent cooperation, to isolate and bring under control a hacker attack on the federal network," he said, adding however that the security measures had "not yet been completed."

What we don’t know
The attackers are said to have searched for data on specific topics. Rather than steal vast quantities of data, the hackers reportedly chose their targets very carefully. Patrick Sensburg, an MP for the Christian Democrats, said on broadcaster ZDF that it was necessary to check whether any data had been leaked. This isn’t the first time that the APT28 has been accused of hacking German state computer systems. In 2015 they allegedly hacked the Bundestag and stole a total of about 16 gigabytes of data, according to German intelligence services.

Some security experts have however said there is not definitive proof the ATP28 were behind that attack, as the software they use is available online.

Further victims? It is unclear whether other institutions connected to the federal data network, such as security authorities, are also affected by the hacker attack. If the hackers penetrated deeper into the network, the consequences for security would be unforeseeable.

There are many different ways to carry out such an attack. For example, in the cyber-attack on the Bundestag, the Trojans that were ultimately used were assembled in the parliament's network from individual parts hidden in various mail attachments. But nothing has yet leaked out into the public domain on how this attack was carried out.

It is still unclear at this stage what the attack means for the government data network. After the Bundestag attack in 2015, it was the case that in a time-consuming and costly action, the entire data network had to be redesigned.

The Local:        Reuters

You Might Also Read: 

Russian Hackers Posed as ISIS to Hack French TV Channel:

Cyber attack on German Parliament Still Active:

Was The German Election Hacked?:

 

 

« NSA’s Global Spy Monitor
US Spy Chiefs Look For UK Guidance On Cybersecurity »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Rackspace Technology

Rackspace Technology

Rackspace Technology is a leading provider of managed services across all major public and private cloud technologies. Secure your IT environments with powerful cloud security solutions and support.

Cyber 360

Cyber 360

Cyber 360 is a Cybersecurity contract and fulltime placement firm dedicated to identifying and hiring Cybersecurity professionals.

Global Information Assurance Certification (GIAC)

Global Information Assurance Certification (GIAC)

GIAC provides certification in the knowledge and skills necessary for a practitioner in key areas of computer, information and software security.

Referentia

Referentia

Referentia leads the development of critical infrastructure solutions that benefit society, including cyber security and network performance management.

Intrasoft International

Intrasoft International

Intrasoft International is a leading European IT Solutions and Services Group offering a full range of IT services including Information Security.

ENEA Qosmos Division

ENEA Qosmos Division

Qosmos, a division of Enea, leads the market for IP traffic classification and network intelligence technology used in physical, SDN and NFV architectures.

QuickLaunch

QuickLaunch

QuickLaunch transforms how cloud-savvy institutions and companies manage human and device authentication, authorization, access control and integration.

Marcus Donald People

Marcus Donald People

Marcus Donald People is a UK IT recruitment specialist covering the following sectors: Infrastructure & Cloud, Information Security, Development, Business transformation.

Data Eliminate

Data Eliminate

Data Eliminate provide data destruction, secure end-of-life IT asset disposal, and data protection consultancy services.

Penten

Penten

Penten is an Australian-based cyber security company focused on innovation in secure mobility and applied AI (artificial intelligence).

ANSEC IA

ANSEC IA

ANSEC is a consultancy practice providing independent Information Assurance and IT Security focussed services to customers throughout the UK, Ireland and internationally.

Lab 1

Lab 1

Lab 1 turns criminal data breaches and attacks into insights. Get alerts of data breaches or ransomware attack incidents as they happen.

Ampcus Cyber

Ampcus Cyber

Ampcus Cyber specialize in providing comprehensive security solutions and services that are tailored to safeguard our clients' networks, infrastructure, and valuable assets.

Oduma Solutions

Oduma Solutions

Oduma Solutions is a wholly owned Ghanaian Cybersecurity company that offers information security services to organisations seeking to improve their security posture.

NewEvol

NewEvol

Don’t React, Evolve! Outsmart threats with real-time AI-powered dynamic defense capability of NewEvol all-in-one cybersecurity platform.

CyberMontana

CyberMontana

CyberMontana is a statewide initiative providing cybersecurity awareness, training, and workforce development for businesses and residents of Montana.