Russian hackers launched a “sophisticated cyber attack” against the U.S. Joint Chiefs of Staff on July 25, 2015, NBC News reports. Approximately 4,000 military and civilian personnel who work for the Joint Staff are affected.
CNN reports that the breach was enabled by a spear phishing attack.
Sources told NBC News that the cyber attack leveraged an automated system to rapidly gather “massive amounts of data” and distribute it to thousands of accounts online. The attack was apparently coordinated via encrypted social media accounts.
While it’s not clear whether the attack was run by the Russian government or by individuals, an unnamed official told NBC News that given the scope of the attack, “It was clearly the work of a state actor.”
An unidentified separately told CNN that two likely suspects are being considered — Russia and China — but that the methods used were not “typical of Chinese hackers.”
The Department of Defense says only unclassified emails and accounts were accessed — no classified information was exposed. In response, however, the DoD shut down the entire Joint Staff network and email system to investigate the attack.
Defense Department spokeswoman Lt. Col. Valerie Henderson refused to comment on the hack, but told The Register, “We continue to identify and mitigate cybersecurity risks across our networks. With those goals in mind, we have taken the Joint Staff network down and continue to investigate. Our top priority is to restore services as quickly as possible.”
“As a matter of policy and for operational security reasons, we do not comment on the details of cyber incidents or attacks against our networks,” Henderson added.
Haiyan Song, senior vice president of security markets at Splunk, told eSecurity Planet by email that it’s notable that the hackers stole enough data in a matter of minutes to justify shutting the entire Joint Staff system down for two weeks. “When credentials get stolen, additional and more damaging attacks are inevitable,” she said. “This is why being ready is so critical. Speed of detection and response is the only true defense.”
“We cannot keep having the same weekly conversation about cyber security,” Song added. “It is well known that cyber space is the new front line. If we are not better prepared, we will continue to see stories like this play out, and there will be ongoing threats to our national security. It is the responsibility of government and industry to work together and find comprehensive policy and technology solutions that better equip agencies’ security teams.”
A recent eSecurity Planet article looked at the growing threat of cyber war.
