Russia's 'Fancy Bear' Reportedly Hacks German Government Network

Mar 1, 2018
Originally published on March 1, 2018 5:58 am

Germany says it managed to fend off a cyberattack against key ministries, but declined to confirm media reports that the culprit was the Russian intelligence operation blamed for interference in U.S. elections.

"We can confirm that the Federal Office for Information Security (BSI) and intelligence services are investigating a cybersecurity incident concerning the federal government's information technology and networks," an Interior Ministry spokesman said Wednesday.

"The attack was isolated and brought under control within the federal administration," which manages government computer networks, the spokesman said in a statement, Reuters reports.

According to Reuters: "Western governments and security experts have linked the hacker group known as APT28 or Fancy Bear to a Russian spy agency, and have blamed it for an attack on the Democratic National Committee ahead of the 2016 U.S. elections.

Germany's Deutsche Presse-Agentur news agency cites anonymous security officials as saying that the hackers "likely placed a piece of malware in a key government network. The malware could have remained in the government's networks for as long as a year."

Deutsche Welle adds: "The hackers reportedly infiltrated the government's 'Informationsverbund Berlin-Bonn' (IVBB) network, a specially designed communications platform that sits separate from other public networks for supposed added security. It's used exclusively by the Chancellery, the German parliament, federal ministries, the Federal Audit Office and several security institutions in Berlin and Bonn, the former German capital where some ministries still have offices."

German officials blamed Fancy Bear for a May 2015 hack of Germany's lower house of parliament, the Bundestag, and other cyberattacks aimed at Chancellor Angela Merkel as well as others.

German security sources quoted by Reuters denied media reports that the attack had penetrated the country's defense ministry and military establishment.

Reuters writes:

"News of the attack on German government computers comes after repeated warnings by German intelligence officials about possible meddling by Russia in last year's federal election.

The head of the German domestic intelligence agency last year said such attacks had not occurred, but the risk of interference remained until a new government is in place."

In November, the U.K.'s National Cyber Security Centre confirmed for the first time that Russian cyberattacks had targeted British media. The revelation came a day after Britain's Prime Minister Theresa May warned that a Russian disinformation campaign aimed to "sow discord in the West."

As NPR's David Welna reported earlier this week, National Security Agency and U.S. Cyber Command chief Adm. Michael Rogers told the Senate Armed Services Committee that he believes that Russian hacking and disinformation has shown no sign of slowing since the election.

"Everything, both as the director of the NSA and what I see on the Cyber Command side, leads me to believe that if we don't change the dynamic here, this is going to continue and 2016 won't be viewed as something isolated," Rogers said. "This is something that will be sustained over time."

Copyright 2018 NPR. To see more, visit