The Russia connection

Kremlin hackers infiltrated the most secure German government communication network

Published 1 March 2018

The German government yesterday (Wednesday) confirmed that it had suffered a large cyberattack which infiltrated federal computer networks in search of sensitive information. Anonymous German law enforcement sources said that the Russian hacking group APT28, aka Fancy Bear, had placed malware in a government network and infiltrated both the Foreign Ministry and the Defense Ministry. Fancy Bear, which is one of the hacking groups operated by the GRU (Russia’s military intelligence branch), conducted the 2016 hacking campaign of the DNC and the Hillary Clinton campaign. The Russian government hackers managed to infiltrate the German government’s “Informationsverbund Berlin-Bonn” (IVBB) network, a communication network which was specially designed as a secure communications platform.

The German government yesterday (Wednesday) confirmed that it had suffered a large cyberattack which infiltrated federal computer networks in search of sensitive information.

German news agency dpa, citing anonymous German law enforcement sources, had reported that the Russian hacking group APT28, aka Fancy Bear, had placed malware in a government network and infiltrated both the Foreign Ministry and the Defense Ministry.

The sources told dpa that the malware could have remained in the government’s networks for as long as a year before the government discovered the breach in December.

Reuters reports that the German security services allowed the malware to remain in the system until Wednesday to gather more information about the attack and the Russian government hackers who launched it.

Fancy Bear, which is one of the hacking groups operated by the GRU (Russia’s military intelligence branch), conducted the 2016 hacking campaign of the DNC and the Hillary Clinton campaign as part of the Kremlin’s broad hacking and disinformation effort to secure the victory of Donald Trump in the November 2016 election.

The German Interior Ministry confirmed the attack without confirming the identity of the perpetrators.

“We can confirm that the Federal Office for Information Security (BSI) and intelligence services are investigating a cybersecurity incident concerning the federal government’s information technology and networks,” an Interior Ministry spokesman said.

The government departments targeted by the Kremlin had since taken measures to investigate the attack and better protect their data, the spokesman added.

It is unclear how much sensitive data was collected by the Kremlin hackers before they were intercepted.

Knowledgeable sources told Reuters that the Russian government hackers managed to infiltrate the German government’s “Informationsverbund Berlin-Bonn” (IVBB) network, a communication network which was specially designed as a secure communications platform. To ensure its enhanced security, the IVBB network has operated separately from other public networks. The network has only a few users: the chancellery, the German parliament, federal ministries, the Federal Audit Office, and several security agencies located in Berlin and Bonn.

Government officials said that, on average, the IVBB network comes under cyberattack twenty times a day.

The German parliamentary committee overseeing Germany’s intelligence services is holding an emergency meeting today (Thursday) to discuss the breach.

Fancy Bear also attacked the email system of the German parliament in 2015, stealing tens of thousands of emails exchanged by members of the Bundestag – the Kremlin hackers would use the same cyberattack method a year later against the DNC and the Clinton campaign. The group also attacked the NATO headquarters in Brussels, and governments in several European countries.

Reuters notes that Fancy Bear’s 2015 penetration of the Bundestag was so far-reaching that it forced the German government to replace its entire IT infrastructure.