Report: US suspects Russia in 'most sophisticated' Joint Staff hack
The hack that shut down the staff's unclassified email system got around security measure in a way the government hadn’t seen before, officials said.
This story has been updated with additional information.
Officials are calling the recent hack of an unclassified email system used by the Joint Staff, which apparently from Russia, “the most sophisticated in U.S. history,” executing a kind of smash-and-grab of massive amounts of data, according to reports.
NBC News quotes unidentified U.S. officials saying the attack, which started sometime around July 25, used an automated system that collected huge amounts of data and, within a minute, sent it to thousands of locations across the Internet. Officials have said from the beginning that no classified information was exposed.
The officials said the attack was launched from Russia and, although they said it was not clear the Russian government was behind it, its sophistication indicated it was the work of a state actor. Other security experts had reached the same conclusion.
Earlier, officials had said that the hack exploited what a senior Defense Department official termed “a new and different vulnerability," CNN reported. Members of the Joint Staff appeared to be the intended target, and although classified systems weren’t touched, the attack did penetrate the unclassified email system at multiple points, officials said.
Once discovered, the Joint Staff took the network offline, leaving about 4,000 personnel without their regular email. Senior members were given an alternative means of using unclassified email. The Pentagon expected to restore the system Thursday.
The attack may have been highly sophisticated, but the attackers still got their feet in the door the old fashioned way—with social engineering tricks, in this case executed in a spear-phishing email.
Spear-phishing campaigns, even especially sophisticated ones, aren’t new, but some of the other tactics these hackers used apparently were. The Defense official told CNN that the Joint Chief’s network had all of its cybersecurity measures in place and was up-to-date with software patches, but the attackers managed to get around them in a way the government hadn’t before seen.
Attacks of this kind are targeted emails that try to fool the recipient giving up information such as network log-ins in order to gain access and steal information such as military secrets, intellectual property, financial data or other confidential information. Garden-variety phishing attacks do that too, although they tend to be broad, mass-mailings aimed at the general public.
Spear-phishing attacks, on the other hand, are much more specific, focused on a specific group or even an individual. The attacker will know the recipient’s name and other information, which could be included in the email to make it seem more genuine. The goal is to convince the recipient that the email is from a known, trusted source and trick them into giving up their information.
After the hacks of the Office of Personnel Management databases that resulted in the exposure of information on 22 million people, for example, a phishing campaign soon starting up with phony emails posing as OPM notifications to the victims.