German news media ran a story yesterday about a hack by "Advanced Persistent Threat 28", purportedly of Russian origin, who penetrated the data networks of Germany's federal government and its security institutions
. That is to say the German equivalents of the entire executive branch, including chancellor, cabinet, and executive branch agencies like CIA, FBI, ICE, federal and state police services, military intelligence and security command. Yes, let that sink in.
Counter-intelligence noticed the breach in December. At that point the systems had been compromised for the better part of a year. A year.
Notwithstanding the fact that all journalism related to this attack is abysmal - in particular the "let's blame a sovereign nation for what amounts to a cyber act of war" based on what: an IP address? a common methodology? - the fact that a breach at federal level can remain undetected for a year speaks to how woefully unprepared Germany is in cybersecurity.
At this point, one should assume that there is no such thing as German state or economic secrets. Everything has been compromised. For a nation that used to pride itself on security and the strength of its intellectual property, this is a very sad day indeed.