Russian hacking group Fancy Bear may have spied on Germany’s government

Visitors walk inside the glass dome of the Reichstag building in Berlin.

caption
Visitors walk inside the glass dome of the Reichstag building in Berlin.
source
Thomson Reuters

  • Germany is investigating a security breach of its defense and interior ministry’s private servers.
  • Local media speculated that Russian hacking group Fancy Bear is behind the cyberattack.
  • The Russian group is believed to be linked to several high-stakes cyber breaches, including breaches on the Democratic National Committee, the World Anti-Doping Agency, and the International Olympic Committee.

Germany is investigating a security breach in its defense and interior ministry’s private servers, and local media has reported that Russian hacking group Fancy Bear is behind the cyberattack.

German officials confirmed to Reuters they are investigating a government computer network breach, but said it was an “isolated” attack. They declined to give further details about the extent of the hack.

Local media was quick to attribute the attack, which some said took place in December, to the suspected Russian cyber espionage group Fancy Bear, also known as APT28.

The German Press Agency (DPA) reported, citing unnamed security sources, Russian hackers breached the government network and that an attack may have occurred much earlier, with a piece of malware likely placed in a central government network potentially remaining for up to a year.

According to public broadcaster Deutsche Welle, hackers reportedly targeted the government’s “Informationsverbund Berlin-Bonn” (IVBB) network, a communication platform that facilitates fast and secure data exchanges within German government offices. It was reportedly designed to act separately from other networks and add a layer of extra security to classified government communications.

The government said it receives around 20 attempted hacks per day and intelligence services carry out penetration tests once a week.

In September 2016, Germany’s Federal Office for Information Security, which manages the government’s cyber security, warned Germany to guard against cyber hackers, mentioning APT28 by name.

Domestic intelligence previously blamed Fancy Bear for a 2015 attack on its parliament systems.

Fancy Bear is widely believed to be a proxy for the Russian government. According to a website affiliated with the group, Fancy Bear has been operating since at least 2008, and targets aerospace, defense, energy, government, and media, using a “sophisticated and cross-platform implant.”

Fancy Bear have been linked to attacks on the DNC and Olympics

Winter Olympics Opening Ceremony

source
NBC Sports Live

Fancy Bear is believed to be linked to several high-stakes cyberattacks, including breaches on the US Democratic National Committee, the World Anti-Doping Agency, and the International Olympic Committee.

In June 2016, the Democratic National Committee (DNC) said Fancy Bear infiltrated its servers and later published a broad “hit list” that targeted hundreds of the Kremlin’s perceived enemies. The Department of Justice identified at least six Russian government officials believed to be tied to the hack and reportedly considered filing charges late last year.

In September 2016, the World Anti-Doping Agency (WADA), which monitors against drug use in sports, said its database had been compromised, and pointed the finger at Fancy Bear. Prior to the hack, WADA alleged Russia was involved in a widespread athletic doping network, and recommended Russia be banned from participating in the 2016 Rio Olympics.

And earlier this year, the group that called itself “Fancy Bears” leaked emails and data from the International Olympic Committee, in apparent retaliation for Russia’s ban from the 2018 Pyeongchang Olympics.

IOC systems were also breached during the Opening Ceremony and US intelligence officials speculate that Russian spies may have organized the hack.