A TV investigation put the spotlight on Arne Schoenbohm and a web of organisations connected to Russia.
It exposed what it said was a gap in Germany’s defences caused by software to which Russian agents might have access.
A government representative on Monday neither confirmed nor denied whether Mr Schoenbohm had been sacked as head of the Federal Office for Information Security (BSI).
But reports said Interior Minister Nancy Faeser was planning to remove him.
Mr Schoenbohm founded a lobby group in 2012 called the Cybersecurity Council of Germany.
One of its members was a company called Protelion, also known as Infotecs, which offers cybersecurity products to German companies.
The programme broadcast by ZDF said it had uncovered links between the company and Russian intelligence services.
“The security software with which Germany companies want to protect themselves from Russian cyber-attacks comes from Russia,” said presenter Jan Boehmermann.
The scandal comes against the backdrop of Russia’s war in Ukraine and heightened alert over attacks on critical infrastructure.
Russia has frequently been accused of cyber-meddling in the affairs of its adversaries.
Mr Schoenbohm has not responded to the latest claims. But in a statement on Monday, the Cybersecurity Council said it had expelled Protelion from its ranks after learning of its links to Russia.
However, it denied the council itself was compromised by Russian links and said it had not undertaken any joint projects with Protelion.
“The allegation that the Cybersecurity Council of Germany is under Russian influence is absurd,” it said.
The council’s president Hans-Wilhelm Duenn was quoted by the ZDF programme as saying he had contacts with Russian intelligence.
But he said the clip was taken out of context and that there were no contacts with active Russian agents.
“Like the BSI, we did not know about Protelion’s links to Russian agencies,” he said.
“I condemn Russia’s illegal invasion of Ukraine, and the related activity of Russian intelligence agencies, in the strongest terms.”
Russia was blamed for a cyber-attack on Germany’s parliament only weeks before a general election last year.
Hackers tried to steal email passwords from MPs, possibly intending to send fake messages from their accounts, authorities said.
On February 24, thousands of wind turbines were affected by a cyber-attack on the KA-SAT satellite, believed to be linked to Russia’s attack on Ukraine that day.
Concern over infrastructure safety was heightened this month when leaks were found on the Nord Stream gas pipelines in the North Sea.
European governments said the leaks appeared to be deliberate, with some politicians suspecting Russia.
Another mystery arose at the weekend when trains in northern Germany ground to a halt, after cables were cut by another act of sabotage.