According to two people familiar with the matter, hackers have launched a large-scale, multi-pronged cyber-attack against the state of Washington.
The attack infected several state agencies with sophisticated malware, including a type known as Trickbot, according to the two people, who asked not to be named because they were not authorized to speak to the media.
The people said the attack had already been going on for more than a week, but it had not yet significantly affected state operations, although flaws in the state's security apparatus had been exposed.
The cyber-attack had no effect on the
state's electoral systems. However, with a month to go before the November
presidential election, it highlights the potential threat to state computer
networks, including electoral systems.
Tara Lee and Mike Falk, both spokesmen for Governor Jay Inslee, did not respond to requests for comment. The Office of the Washington Secretary of State tweeted on Thursday that it was "aware of the cyber threat facing government agencies ... although we have no reason to believe at this time that the election has been targeted."
'Phishing Campaign'
On Thursday, Inslee told a news conference that a nationwide "phishing campaign" (fake emails that usually contain an attachment that deploys malware when opened) was targeting the state. But the reality of the attack on state computer networks is more serious than a phishing campaign. The attackers have successfully gained access to several state agencies, spread malware and taken steps to deepen their attack.
According to the source, the US Department of Homeland Security, the FBI and Microsoft Corporation are assisting Washington in hopes of driving out the attackers.
Microsoft spokesman Frank Shaw declined to comment. Messages sent to the FBI in Seattle were not acknowledged.
No further details are available about the nationwide phishing campaign Inslee described.
The motives of the attackers are not clear. It is not known whether any data was stolen or whether the hackers planned to carry out the kind of ransomware attack that in recent years has devastated cities, school districts and businesses across the country. Such attacks lock users' computers and demand a hefty ransom to restore access, which can significantly disrupt work for days or weeks.
Still, the timing of the attack raises security questions ahead of the first presidential election since Russia intervened in the 2016 race by hacking Democratic Party e-mails and targeting the electoral system in all 50 states. The DHS has repeatedly warned of cyber-attacks, including the threat of ransomware, ahead of the upcoming vote.
At least a call from some state employees was received on September 18. On Sept. 21, an updated guideline asked employees to stop clicking on new attachments, according to a government employee who asked not to be identified because he was not authorized to speak to the media.
Profit tool
One of those familiar with the investigation said a preliminary analysis of the intrusion showed that the hackers may not have been targeting Washington, but rather took advantage of flaws in the state's cyber security system. Responders are monitoring malware behavior across state networks, the person said.
According to one of the people familiar with the matter, the attack affected at least 13 state departments and commissions, including corrections, parks and recreation, and fish and wildlife. The person also said that in addition to Trickbot, another type of malware, called Emotet, was used in the attack.
Janelle Guttierez, a spokeswoman for the Department of Corrections, referred to the governor's statement, saying that a number of government and private organizations across the country, including Washington state, had been targeted by the phishing campaign.
"Washington is taking practical steps to protect state systems, which may require some applications to be temporarily taken offline," she said. "It is unknown at this time what he will do after leaving the post."
Representatives of other government
agencies did not respond to requests for comment.
Elections are not just a political target for attackers with nation-state loyalties. Brett Callow, a risk analyst at New Zealand-based cyber security company Emsisoft, said it was also a potential source of profit for cybercriminals as victims were reluctant to pay to ensure their system was running smoothly. There may be China.
"There will be a much better time for an attacker to pay through the government system than it needs to have maximum access." Callow added that hackers have until the day of the November 3 election. "Will set fire"
The state of Washington is widely viewed as having one of the country's most sophisticated cyber security systems, especially in defense of its electoral system. Due to its reliance on the postal ballot, Washington is at the forefront of preparations for voting during the pandemic, according to a report by the RAND Corporation on confidence in the voting system in 2020.
Dangerous malware
The Emotet banking Trojan, first identified in 2014, became notorious for targeting banks and financial data but has since turned into a spamming and malware service, according to cyber research firm Malwarebytes Inc. Its ability to avoid detection has accelerated the work of the U.S. government, which has listed Emotet as one of the world's most dangerous pieces of malware and estimates that an incident could cost $1 million.
Hackers are often able to move within the network, allowing them to compromise additional departments. In the case of Emotet, the attacker is also known to send phishing emails to victims through the internal e-mail system.
Furthermore, it is not uncommon for attackers to take their time after accessing a network before deploying ransomware or other malicious attacks. Hackers can use this time to explore the network to find sensitive data or find out how to take advantage of a threat.
According to cyber security firm CrowdStrike, Emotet and Trickbot are often used together, especially with the Russia-based ransomware operation Ryuk. First recognized in 2019, Ryuk became infamous in its first six months of operation for attacking enterprise networks, raising $4 million in revenue, according to CrowdStrike.
According to Emsisoft, as Ryuk's activity dwindled slightly in the spring and early summer of 2020, another threat actor, named Conti, emerged with a similar style of attack. The cyber firm said that in its short history, Conti, which also appears to be based in Russia, has become notorious for attacking state and local governments, including state courts in Louisiana in September.