Hackers believed to be tied to the Russian government successfully compromised the networks of the German defense and foreign ministries in an attack that may have lasted for a year, German news agency Deutsche Presse-Agentur reported Wednesday.
Citing unnamed officials, the news agency reported that APT28 used malware to steal data from the government agencies, but the extent of the impact is unclear.
Another German outlet, Deutsche Welle, reports that the hackers infiltrated a specially designed network used by the government to keep communications secure and separate.
German press claim that the BSI and BfV intelligence agencies are investigating the breach.
APT28, commonly known as FancyBear, has been blamed by both private cybersecurity companies and U.S. intelligence agencies for carrying out attacks that target governments and political entities. Most notably, the group is known for obtaining and then leaking private information from the Democratic National Commission in the 2016 U.S. election. More recently, the group leaked information from the International Luge Federation. Ukrainian intelligence agencies have blamed APT28 for other incidents, including the BadRabbit and NotPetya ransomware attacks of last year.
Also on Wednesday, U.S. cybersecurity firm Palo Alto Networks published a report detailing a campaign by APT28 to target foreign affairs ministries around the world. Ryan Olson, senior threat intelligence director at Palo Alto Networks’ Unit 42 research team, told CyberScoop that it’s not clear if the new research and German data breach are in any way connected.
However, he indicated, the fact that both reports involve APT28 and foreign ministries is noteworthy.
“Given how [APT28] works, it is reasonable to see both of these as related,” Olson said.