The U.S. State Department has recently suffered a cyber-attack, leading to warnings of a possible severe breach issued by the Department of Defense Cyber Command, Fox News journalist Jacqui Heinrich claimed in a series of tweets over the weekend. She wrote, “A cyberattack has struck the State Department, and the Department of Defense Cyber Command made notifications of a potentially serious breach.
“It needs clarity about when the breach was discovered, but it is believed to have happened a couple of weeks ago.”
Heinrich added that the State Department’s mission to evacuate U.S. personnel and allied refugees from Afghanistan has “not been affected” by the incident.
She further tweeted that “the extent of the breach, the investigation into the suspected entity behind it, efforts to mitigate it, and any ongoing risk to operations remain unclear.”
Reuters then reported that a “knowledgeable source” had informed them that the department had not experienced any massive disruptions or had its operations impeded in any way.
A State Department spokesperson said, “The department takes severely its responsibility to safeguard its data and continuously takes steps to make sure that information is protected. Unfortunately, for security reasons, we are not in a position to discuss the nature or scope of any alleged cybersecurity incidents at this time.”
Commenting on the story, Sam Curry, chief security officer at Cybereason, said, “The recent cyber-attack against the U.S. State Department is a warning that anyone and everyone can be struck and will be struck. Today, it is a matter of how quickly threats are found and how quickly they are brought to a halt. Overall, the State Department’s networks are enormous, and they are likely to get attacked by nation-states, terrorists, and other adversaries daily. However, sans more data on the present attack, assuming the motives or groups included in this latest action would not be premature.
“There’s no shame in being attacked, and disclosing it in the right way is laudable. However, there’s a world of inconsistency between an infrastructure breach where a nation-state, rogue group, or hacktivist gets in and an information or material breach that causes damage. The State Department isn’t likely to reveal any further details of this attack, given the current chaos on the ground in Afghanistan and lingering tensions with Russia over the Colonial and JBS attacks and China for bearing out the Microsoft Exchange Server attacks, public and private sector security teams should be on great alert. Also, allies of the U.S. across Europe, Asia-Pacific, and Africa should be on high alert. Let’s hope the perception by some that the U.S. is distracted doesn’t generate more attacks and chaos.”
The revelation has come just weeks after a bipartisan report was published by the Senate Homeland Security and Governmental Affairs Committee, which found “severe” shortcomings in the cybersecurity posture of many federal agencies. For instance, the report rated the State Department “effectively a D” regarding its cybersecurity posture, “the lowest possible rating within the Federal Government’s maturity model.”
Curry added, “The State Department attack is one of the reasons for the EDR mandate for the U.S. federal government agencies in the recent White House Executive Order. Having a means of finding the attacks like the one on the State Department as threat actors move in the slow, subtle, stealthy way through networks is the only option in returning defenders to higher ground above threat actors. Advanced building resilience, prevention ensuring that the blast radius of payloads is lowered, and generally using peacetime to foster antifragility is feasible. Today, it’s not about who we hire or what we buy. It is about how we adapt and modify every day.”