Overnight, a German government spokesperson confirmed that the government is investigating a security breach of its defence and interior ministries’ private networks. A notorious Russian hacking group known as Fancy Bear, or APT28, is being widely blamed in German media. Matthias Maier, Security Evangelist at Splunk, comments below.
Matthias Maier, Security Evangelist at Splunk:
In this instance the authorities, supported by specialists, need to investigate what happened over a year ago in their environment to identify how the attacker got in, what the weak point was, what was accessed and what systems might have been compromised. Hopefully, the organisation has collected and stored all log data from its entire digital infrastructure in order to put these pieces of the puzzle together.
The reports so far in the news have indicated that the detection happened in December and it continues to be investigated, highlighting the complexity involved in such a process. It also demonstrates the need for log data to be held in a centralised platform where it can be searched and analyzed quickly by multiple stakeholders in an investigation.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.