APT28, an infamous cyber-espionage unit that many security firms believe is acting at the behest of the Russian government, has hacked various German government agencies for more than a year.

According to German news agency dpa, Russian hackers infiltrated computers on the network of the German Foreign Ministry, the German Defence Ministry, the German Chancellery, and the Federal Court of Auditors.

The German Interior Ministry confirmed the hack earlier this week. Officials said they detected the intrusion in December and had been investigating what and how many systems the hackers accessed. Evidence suggests the group had access for almost a year.

New APT28 attacks target European, North American countries

The attacks are not included in a report Kaspersky Lab released last week, detailing APT28's activity.

Yesterday, US cyber-security firm Palo Alto released a separate report on recent APT28 attacks that targeted European and North American countries.

These attacks, in the form of spear-phishing emails imitating Jane’s (news and information supplier for the defense and government sectors), are more recent (began in early February 2018) and don't seem to be related to last year's attacks on Germany.

APT28 believed to be GRU department

APT28 is a Russia cyber-espionage unit also known under other codenames such as Sofacy, Grizzly Steppe, Fancy Bear, STRONTIUM, Sednit, Tsar Team, and Pawn Storm.

A report authored by the Estonian Foreign Intelligence Service claims that APT28 is made up and coordinated by the Russian Military's Main Intelligence Directorate (abbreviated GRU).

A Washington Post article citing CIA sources published in mid-January pegged GRU as the authors of the NotPetya ransomware.

APT28 has been active since the early 2010s and according to Palo Alto and other cyber-security firms, has hacked the International Olympic Committee (IOC) in 2018, the World Anti-Doping Agency in 2016, the Dutch Safety Board in 2015, and German, French, Ukrainian, and Dutch political and military targets throughout 2014 through 2018.

"APT28 conducts cyber espionage campaigns to serve not only traditional espionage goals, but also to provide fodder for influence operations," Benjamin Read, Sr. Manager, Cyber Espionage Analysis, FireEye told Bleeping Computer.

"Throughout 2016 and 2017, we uncovered APT28 targeting multiple U.S. and European government-related entities including government, diplomatic and military organizations in Europe and surrounding the U.S. presidential election. We do not have any insight into the breaches in Germany, [but] the activity would be consistent with the actor's well-established behavior," Read added.