Cyber attack on German government sought more sensitive data than 2015 hack: lawmaker

BERLIN (Reuters) – The latest hack of German government networks involved complex malicious software and targeted more sensitive data than a 2015 breach of the German parliament, a leading member of Chancellor Angela Merkel’s conservatives said on Thursday.

Patrick Sensburg, a member of the parliamentary committee that oversees German intelligence agencies, told broadcaster ZDF it would take time to analyze the incident that the German government on Wednesday said had been “isolated” and contained.

He said it was premature to link the cyber attack — as German media reports have done — to a Russian hacking group known as APT28, although he said there was sufficient evidence that the group had links to a Russian spy agency.

“One has to carefully examine a software like this one that is extremely complex,” Sensburg told the broadcaster.

Germany on Wednesday said security officials were investigating an isolated attack on its government computer networks, but the incident had been brought under control. It did not confirm that the foreign and defense ministries were affected by the attack.

Sensburg said there had been rumors about a possible breach of government networks, but his high-level committee had not been informed about the attack by government officials.

The panel will receive a closed-door briefing from the government around midday. A separate panel on digital issues also called an extraordinary meeting to discuss the breach.


“We have a sort of war going on in the Internet,” Sensburg said, adding that it remained unclear whether any data was stolen as a result of the breach, and if so, what sort of data.

At the same time, he said this attack was clearly focused on more sensitive data than the 2015 hack of the Bundestag, the lower house of parliament, that resulted in the loss of 16 gigabytes of data, and which German officials have blamed on the APT28 hacking group, also known as Fancy Bear or Sofacy.

Bild newspaper said security officials were struck by the sophistication of the attack, which exceeded levels previously seen, and therefore assumed it was not carried out by the same group that carried out the 2015 hack.

Benjamin Read, head of cyber espionage analysis at FireEye, a U.S.-based cyber security firm, said the German incident could be part of a series of attacks carried out by APT28 against U.S. and European government-related entities in 2016 and 2017.

German intelligence officials have warned about possible meddling by Russia in last year’s federal election.

Western governments and security experts have linked APT28 to a Russian spy agency, and have blamed it for an attack on the Democratic National Committee ahead of the 2016 U.S. elections.