Fancy Bear goes to Berlin.
German authorities said this week that they're investigating a cyber espionage campaign against Federal networks (Infosecurity Magazine). The attack was detected in December, but the threat actors are believed to have been present in the networks for about a year before they were discovered. The campaign is generally if unofficially regarded as the work of Fancy Bear, Russia's GRU military intelligence service (New York Times).
Deutsche Welle describes the Informationsverbund Berlin-Bonn network, the IVBB, which was the hackers' target, as a dedicated secure platform used only by "the Chancellery, the German parliament, federal ministries, the Federal Audit Office and several security institutions in Berlin and Bonn, the former German capital where some ministries still have offices."
The German Government, which continues to work on remediation of what's being called an "ongoing" attack on a government dedicated secure network, officially declines to attribute the attack. Economy Minister Zypries yesterday said that, while there were no indications Russia was behind the hack, it would be "problematic" if this would turn out to have been the case (Reuters). Few others are so reticent. The industry consensus is that the attack is the work of Fancy Bear, Russia's GRU. Some members of the Bundestag who've been briefed on the incident are calling it "a form of warfare" (Telegraph). (Spiegel likes Turla for the job, but that's inside baseball: it's still Russia.)
Fancy Bear (a.k.a. Sofacy) is thought to have been busy elsewhere, too. Palo Alto Networks reports that it's observing a campaign mounted against diplomatic targets in Europe and North America (SecurityWeek).