According to sources, hackers have launched an extensive, multifaceted cyber attack against the state of Washington.
The attack infected many state services with sophisticated malware, including malware known as Trickbot.
The attack has already lasted more than a week but has not yet significantly affected state-owned enterprises, although it exposes the shortcomings of the state's security machinery.
The cyber attack did not affect the state's electoral systems. However, almost a month before the November presidential election, it points to the potential vulnerability of state-owned computer networks, which include electoral systems.
Tara Lee and Mike Faulk, representatives of Governor Jay Inslee, did not respond to requests for comment. Secretary of State Kim Wyman wrote on Twitter on Thursday that "they are aware of an active cyber threat facing government agencies, although they have no reason at this time to believe that it is targeting the election."
On Thursday, Inslee told a news conference that a national "phishing campaign" was targeting the state. But the reality of the attack hitting state computer networks is more serious than a phishing campaign. The attackers have successfully gained access to many government services, distributing malware and establishing a point from which they could deepen their attacks.
Microsoft spokesman Frank Shaw declined to comment. Messages sent to the FBI in Seattle were not acknowledged.
The motives of the attackers remain unclear. It is not known whether data was stolen or whether the hackers planned to trigger the type of ransomware attacks that have destroyed cities, school districts and businesses across the country in recent years. Such attacks seek to lock users out of their computers, requiring heavy ransoms to regain access, and can significantly disrupt operations for days or even weeks.
However, the timing of the attack raised security questions ahead of the first presidential election since Russia intervened in 2016, targeting Democratic Party e-mail and electoral systems in all 50 states, according to federal authorities. DHS has repeatedly warned of the risk of cyber attacks, including ransomware, before the upcoming vote.
One of the people familiar with the investigation said that the timely analysis of the intrusion showed that the hackers may not be targeting Washington specifically, but probably took advantage of problems in the state's cybersecurity system. Correspondents continue to monitor the behavior of malware on the state network.
At least 13 state departments and committees were affected by the attack, which used malware called Emotet.
Elections are not just a political target for some attackers. They are also a potential tool for cybercriminals looking for profit because victims may be desperate to pay to ensure their systems work, said Brett Callow, a threat analyst at security company Emsisoft.
The state of Washington is considered to have one of the most sophisticated cyber security systems, especially around the defense of the electoral system. Due to its dependence on postal ballots, Washington ranks among the highest for voting during the pandemic, according to a report by Rand Corp. on confidence in the voting system in 2020.
The Emotet banking Trojan, first recognized in 2014, gained a reputation for targeting banks and financial data, but has since evolved into a spam and malware, according to the cyber research company Malwarebytes Inc. The government has characterized Emotet as among the most dangerous malware in the world, with an estimated cost of $ XNUMX million per incident.
Hackers often move around the network, allowing them to compromise additional segments. In the case of Emotet, intruders are also known to send phishing emails to victims through the internal email system.
In addition, it is not uncommon for attackers to take their time after gaining access to a network before deploying ransomware or another type of malicious attack. Hackers can use this time to explore the network by searching for sensitive data or figuring out how to exploit a vulnerability.
Emotet and Trickbot are often used in parallel, especially by the Russia-based cybergang Ryuk, according to cybersecurity company CrowdStrike. Ryuk, which made its debut in 2019, became infamous in the first six months of its operation for attacks on corporate networks, with revenues of more than $ 4 million, according to CrowdStrike.
As Ryuk's activity weakened slightly in the early spring and summer of 2020, another threat actor with a similar attack profile emerged, called Conti, according to Emsisoft. In its short history, Conti, which also appears to be based in Russia, has gained a reputation for attacking state and local governments, including Louisiana state courts, in September.