Russia has been named the prime suspect behind a cyber-attack on an unclassified email network of the US military’s Joint Staff that forced the Pentagon last month to restrict access to portions of the network.
The investigation of the incident is still underway but an unnamed US official told Reuters the so-called spearphishing attack, using emails pretending to be from colleagues, was traced back to Russia.
A second source, also speaking on condition of anonymity, pointed towards Russia in relation to the attack but warned that investigators would need more time to reach a firm conclusion.
The Pentagon declined to comment on the investigation.
As a result of the attack, employees of the US military’s Joint Staff – a 2,500-strong body of civilian and uniformed workers – have had their unclassified email access severely restricted since the last weekend of July. The rest of the Pentagon appeared to be unaffected.
In late April, US Defense Secretary Ash Carter first hinted that the unclassified military network may have been compromised by what appeared to be Russian government-related hackers. Back then he revealed that an older unpatched vulnerability had been discovered that enabled the breach.
In that case, Carter said the Pentagon quickly identified the compromise and had incident responders "hunting the intruders within 24 hours."
Officials told Reuters the attack bore the hallmarks of the actions of a foreign state, as opposed to a less sophisticated hacker.
According to cyber-security firm CrowdStrike, there has been an escalation of Russian cyber espionage activity since the international community placed sanctions on Russia due to the situation in Ukraine.
CrowdStrike’s CEO Dmitri Alperovitch told Reuters that although his firm has no knowledge of the attack on the Joint Chiefs of Staff network, it has observed other attacks on high-profile US companies and security agencies in recent months.
A large number of attacks have been linked to a group called "Cozy Bear", which is believed to have ties to the Russian government.
Cozy Bear has engaged in a variety of cyber-attacks ranging from spearphishing to more sophisticated and complex attacks. The latest set of attacks used hundreds of emails with a zip file attachment that, if double-clicked, could introduce the malware to an organization's networks, Alperovitch said.