Apparent attack by Russian ‘Fancy Bear’ hackers penetrated Germany’s foreign ministry

German officials said Wednesday that the government’s information technology networks had been infiltrated and that evidence pointed toward a Russian hacking group that’s been implicated in high-profile cyberattacks worldwide.

The breach, acknowledged by the interior ministry in a statement, had been known since December, when security experts discovered malware in the secure computer networks of the foreign ministry, according to a senior German security official. German media outlets reported that the defence ministry also was affected.

The senior security official, who spoke on the condition of anonymity because he was not authorised to comment on the record, said the Federal Office for the Protection of the Constitution and the Federal Office for Information Security allowed the malicious programme to keep running in recent months so they could monitor hacker activity. But no significant data was transmitted, according to the official. He said at some stage German officials decided to stop monitoring.

The official also said the country’s security agencies suspected that the Russian-linked hacking network known as APT28, or Fancy Bear, was behind the attack. Germany’s Süddeutsche Zeitung reported that the hackers may have had access to German governmental networks for up to a year.

Fancy Bear has previously been connected to a range of cyberattacks, including one in which phishing and malware was used to infiltrate the US Democratic National Committee before the 2016 presidential election, as well as the networks of Emmanuel Macron’s election campaign before last year’s French presidential election, according to the Tokyo-based cybersecurity research group Trend Micro.