A major cyberattack on the German government reported this week has been "serious," "damaging," and is still going on, German legislators and officials said.
The comments at an emergency meeting of the Bundestag's parliamentary control committee on March 1 in Berlin appeared to contradict earlier government assurances that the security breach had been “isolated and brought under control.”
"The security breach in itself is considerably damaging" and "ongoing," said Armin Schuster, chairman of a parliamentary intelligence control panel whose job it is to monitor the activities of the security services, although he said it was too early to assess the full extent of the damage.
"Public discussion about details would simply be a warning to the attackers that we do not want to give," Schuster said.
Outgoing Interior Minister Thomas de Maiziere called the cyberattack "technically sophisticated" and a "serious act" that he said had been planned for a long time.
German media, citing anonymous officials and documents, reported on March 1 that the hack appears to have originated from the Russian hacking group known as "Snake" or "Turla," which has been active since 2005.
Earlier reports had blamed the notorious Russian hacking group known as "Fancy Bear" or "APT28," which some believe has connections to Russia’s GRU military intelligence agency and was accused of attacks on U.S. presidential candidate Hillary Clinton’s 2016 campaign.
There has been no official confirmation of the identity of the perpetrators, and some legislators have suggested that hackers who are deliberately copying Fancy Bear's tactics might be the culprits.
Security sources told the German dpa news agency that the attack was apparently in progress by the end of 2016.
"It confirms what we've long known and said," De Maiziere said. "Various parties with different motives endanger our cybersecurity."
While the attack continues, De Maiziere repeated the government's assertion that it has been brought under control. "The current situation proves that our security services have worked successfully," he said.
He said that the attack is the work of highly professional hackers, who are currently being monitored by the security services in order to glean further information about the method of attack and motive, so that security precautions can be introduced to the government network.
"These [security] measures have not yet been finalized," De Maiziere said.
Security services were told in December by a partner agency that the German network had been the victim of a cyberattack, dpa reported.
IT experts observed the attackers hacking into a Foreign Ministry document that concerned Russia and Eastern Europe, it said.
The deputy chairman of the parliamentary control panel, Konstantin von Notz of the Green Party, said there were good reasons why the government had "guarded very closely" certain information about the attack in previous weeks.
But he said it was unacceptable that the panel first heard about the attack through the media, calling it a "substantial problem" that needs to be cleared up.
Panel member Andre Hahn of the left-wing party Die Linke said he had the impression that the government and security services had sought to play down the attack.
"I fear that more will come to light in the coming weeks," he said.
Germany's Bundestag came under a major cyberattack in 2015 that was widely blamed on Fancy Bear. Fears that information gleaned from the attack would be leaked to influence last year's German election never materialized, however.
With reporting by dpa and The Guardian