The hacker attack on the federal government is said to have succeeded through the mail program Microsoft Outlook. This was reported by Süddeutsche Zeitung, citing anonymous sources.
According to the report, the hackers are said to have first infected a government computer with malicious software. To circumvent a blockade of the Foreign Office and to send sensitive information from the closed network to external servers, the hackers are said to have sent an e-mail to an infected computer.
The e-mail is said to have contained an attachment that Outlook downloads by default without user consent. This infrastructure is designed to allow the hackers to control the malware from outside. A spokeswoman from Microsoft wanted to comment on the case at the request of Süddeutsche Zeitung “at this time”.
This kind of attack via Outlook is unusual and has not been publicly known until now. The Süddeutsche cited an IT security researcher who described the hackers’ approach as elegant, “because it is unobtrusive”.
The hacker attack took place at the turn of the year from 2016 to 2017, after which the attackers are said to have had access to the central data network of the federal administration, the so-called Informationsverbund Berlin-Bonn (IVBB), for about one year. It is a kind of intranet for the Bundesrat, the Federal Chancellery, the federal ministries, the Federal Court of Auditors and various security authorities, and it has been considered safe. After the Bundestag hack in 2015, this is the second major attack on the IT infrastructure of the German government.
So far, it is unknown what data has reached the outside world. 17 computers were probably affected. The general attorney is investigating persons unknown on suspicion of intelligence agent activity. One of the suspects is the group Turla, which is said to have a connection to Russian intelligence services. According to security researchers, this suspicion is supported by the fact that one of the malicious programs used is said to have been used only by this group. A clear attribution of the hackers is difficult, however, and Russia rejects the accusations.
The research network of Süddeutsche Zeitung, NDR and WDR reported, without citing concrete sources, that the attack could have been part of a worldwide attack. Accordingly, countries in Scandinavia, South America and former Soviet states are also said to be affected, including Ukraine. Which countries exactly are concerned is unclear.
Espionage: hacker attack on the government’s data network. Hackers have infiltrated malicious software and captured it. The attack was noticed in December and brought under control, said a spokesman of the Federal Ministry. © Photo: Fabrizio Bensch/Reuters