US officials claimed that Russia remains the leading suspect in a sophisticated cyberattack on the unclassified email network of the American military’s joint staff. The event prompted the Pentagon to restrict access to portions of that network in July.
An unnamed official claimed it was a spearphishing attack traced to Russia. Spearphishing emails purport to come from colleagues. Another official described Russia as a leading suspect, but pointed out that it would take time to firmly attribute blame. This is not surprising – the US always blames Russia, China or Korea for any attack, even if it later turns out to have originated from a basement in Cleveland. In the meantime, the Pentagon declined to comment on the investigation.

A few months ago, the US defense secretary blamed Russia for a cyberattack against an unclassified American military network in 2015, claiming that the hackers had found an old bug that had not been patched. In that case, the Pentagon reportedly identified the compromise quickly and had incident responders hunting the hackers within 24 hours. In this latest case, the joint staff, known to employ roughly 2,500 civilian and uniformed personnel, has restricted its unclassified email access since the end of July. The rest of the Pentagon was unaffected. It was said at the time that the attack bore the hallmarks of a foreign state, meaning that it was not the work of a less sophisticated hacker.

One cybersecurity company said it had seen an increase in hacker attacks tied to the Russian government since sanctions were imposed in 2014 over Moscow’s actions in Ukraine. Although the security experts had no information on the alleged attack on the joint chiefs of staff network, they had detected a large number of cyberattacks against American national security agencies and commercial firms. All of those attacks were reportedly carried out by a hacker group called “Cozy Bear”, which has ties to the Russian government. This group has engaged in a number of intrusions ranging from spearphishing to more sophisticated and complex operations. For example, it is held responsible for attacks that used hundreds of emails carrying a zip-file attachment to introduce malware into an organization’s networks.