There has been a recent discovery in the German federal government hack that occurred last week. It has been discovered that the compromise involved e-Learning software suite ILIAS which was connected to the network.
The situation is further described in more detail on German news site Golem: https://www.golem.de/news/bundeshack-hack-auf-bundesregierung-erfolgte-ueber-lernplattform-ilias-1803-133227.html
Commenting on the discovery is Craig Young, computer security researcher for Tripwire’s Vulnerability and Exposures Research Team, who said:
Secure networks are only as secure as their weakest link. In the case of Germany’s classified IVBB network, it appears that this weakest link may have been a university e-learning system which was inexplicably connected to it. A message posted to the administrator’s mailing list of a German based open source e-learning suite, confirms that an installation of their software was implicated in a limited breach of Germany’s network for sharing certain sensitive information.
A web site designed to offer learning opportunities to employees of the federal government was apparently running an outdated version of this software. Although it is unclear whether attackers exploited a flaw in this software as opposed to phishing or password theft, it is certainly odd that such a system would be anywhere near a confidential network.
Institutions running the ILIAS learning software are best advised to make sure these systems are updated and do not have default credentials enabled. Since the initial point of compromise is not entirely clear, it is also advisable to keep a close watch of activity on even up to date ILIAS systems.