The expert in the field told dpa news agency on Friday that there was "concrete evidence" that the attackers were members of the Sofacy group, sometimes referred to as APT28.
The group has been operating since 2006 and is funded by the government, the source said.
The unconfirmed attackers reportedly launched an unprecedented attack using several waves of so-called Trojan viruses to gradually extend their access to the German parliament's internal server.
The Bundestag, Germany's lower house of parliament confirmed at the end of May that the hackers had managed to steal data during the intrusion.
The news comes after German parliamentarians were told to remain on high alert and be sure to follow cybersecurity guidelines in the future, according to an email seen by dpa on Friday.
"Even though data siphoning ended on May 20, the threat is not over," Bundestag director Horst Risse wrote in the email, which also highlighted that parliamentarians should refrain from opening unknown links and files sent by email.
According dpa, recipients of the memo were advised to change their passwords regularly and use encryption software for sensitive documents.
Security investigators in neighboring France are also reportedly looking into whether the same Russian hacking group was responsible for an attack on French broadcaster TV5 Monde in April.
Transmissions were temporarily shut down for 18 hours after the station's website and social media accounts were hijacked with jihadist propaganda.
"The investigations are at this stage looking towards a group of Russian hackers designated by the name APT28," a judicial source told French newspaper "L'Express."
ksb/sms (dpa, AFP)