The hacker group known as APT28 — which has been linked to Russia's GRU military intelligence and accused of attacks on Hillary Clinton's 2016 presidential campaign — managed to plant malware in the ministries' networks for possibly as long as a year, the news agency said.
German security authorities only detected the online spying in December, it said, adding that an isolated government IT network had also been hit.
If confirmed, the attack would be the biggest to hit the German government.
Top security officials had repeatedly warned during Germany's 2017 general elections that Russia hackers may seek to disrupt the polls.
While authorities did not have concrete proof, they have pinned the malware attack that crippled the Bundestag parliamentary network in 2015 for days on the APT28, also known as “Fancy Bear” or “Sofacy”.
The attack netted 17 gigabytes of data which, officials feared, could be used to blackmail MPs or discredit them.
Amid the rising frequency of attacks, Germany's defence ministry in 2016 set up a cyber department to coordinate a response to online intrusions.