Someone at the Pentagon must have clicked a bad link. According to reporting by the Daily Beast and NBC, Russia launched an attack on the unclassified email network used by America’s Joint Chiefs of Staff, the body of senior military officials that advises the president and defense secretary on military matters. The attack is believed to have been a type of “spear-phishing,” where emails that looked official launched aggressive programs that collected information from the network and sent it back to the attackers across the internet.
Spotted on Twitter by pseudonymous online cybersecurity researcher@PwnAllTheThings, it looks like the U.S. government’s Computer Emergency Readiness Team (U.S. CERT), a sort of first-responder group to cybersecurity threats, published an alert on the spearphishing attempt August 1st. U.S. CERT says they detected phishing campaigns against the government in June and July. According to the notice:
All three campaigns leveraged website links contained in emails; two sites exploited a recent Adobe Flash vulnerability (CVE-2015-5119) while the third involved the download of a compressed (i.e., ZIP) file containing a malicious executable file. Most of the websites involved are legitimate corporate or organizational sites that were compromised and are hosting malicious content.
To protect the networks against further intrusion, it appears the Defense Department has shut down the Joint Staff network.