Hackers have infiltrated most of Washington's state agencies


According to two people familiar with the matter, the hackers have launched a large-scale, multi-pronged cyber-attack against the state of Washington.

Hackers have infiltrated most of Washington's state agencies


The attack infected several state agencies with sophisticated malware, including a type known as a truck boot, according to the two men, who asked not to be named’ because they had asked the media. Not authorized to speak.

People said the attack had already been going on for more than a week, but it had not yet significantly affected state operations, although flaws in the state's security apparatus had been’ exposed.

The cyber-attack had no effect on the state's electoral systems. However, with a month to go before the November presidential election, it highlights the potential threat to state computer networks, including electoral systems.

Tara Lee and Mike Falk, both spokesmen for Governor Jay Inslee, did not respond to requests for comment. The Office of the Secretary of State for Women and Women tweeted on Thursday that it was "aware of the cyber threat facing government agencies ... although we have no reason to believe at this time that the election has been’ targeted."

'Phishing Campaign'

On Thursday, Ansley told a news conference that a nationwide "fishing campaign" had taken place. Fake emails that usually contain an attachment that explodes when malware is opened - targeting the state. But the reality of the attack on state computer networks is more serious than a phishing campaign. The attackers have successfully gained access to several state agencies, spread malware and taken steps to deepen their attack.

According to the source, the US Department of Homeland Security, the FBI and Microsoft Corporation are assisting Washington in their hopes of escaping the attackers.

Microsoft spokesman Frank Shaw declined to comment. Messages sent to the FBI in Seattle were not recognized.

As Ansley said, no further details are available about the nationwide phishing campaign.

The motives of the attackers are not clear. It is not known’ if any data was stolen or if hackers planned to carry out such ransom bombings in recent years, destroying cities, school districts and businesses across the country. Attacks such as those seeking a hefty ransom in order to hurt users again, try to lock their computers, and this can significantly disrupt work for days or weeks.

Still, the timing of the attack raises security questions ahead of the first presidential election, since Russia intervened in the 2016 race by hacking Democratic Party e-mails and targeting the electoral system in all 50 states. The DHS has repeatedly warned of cyber-attacks and even the threat of ransomware ahead of the upcoming vote.

At least a call from some state employees was received’ on September 18. On Sept. 21, an updated guideline asked employees to stop clicking on new attachments, according to a government employee who asked not to be identified’ because he was not authorized to speak to the media. ۔

Profit tool

One of those familiar with the investigation said a preliminary analysis of the intrusion showed that the hackers may not have been targeting Washington, but rather - and took advantage of flaws in the state's cyber security system. Respondents are monitoring malware behavior across state networks, the man said.

According to one of the people familiar with the matter, the attack affected at least 13 state departments and commissions, including reforms, parks and recreation, and fish and wildlife. The man also said that in addition to the truck boot, another type of malware, called Emotite, was used’ in the attack.

Janelle Guttierez, a spokeswoman for the Department of Corrections, retrieved the governor's statement, saying that a number of government and private organizations across the country, including Washington state, had been targeted’ by the phishing campaign.

"Washington is taking practical steps to protest against state systems, which may require some applications to be temporarily taken offline," he said. "It is unknown at this time what he will do after leaving the post."

Representatives of other government agencies did not respond to requests for comment.

Elections are not just a political target for the invaders with the loyalty of the nation-state. Brett Kale, a risk analyst at New Zealand band cyber security company AmesSoft, said it was also a potential source of profit for cybercriminals as victims were reluctant to pay to ensure their system was running smoothly. There may be China.

"There will be a much better time for an attacker to pay through the government system than it needs to have maximum access. Kalu added that hackers have until the day of the November 3 election." Will set fire "

The state of Washington is widely viewed as one of the country's most complex cyber security systems, especially in defense of its electoral system. Due to its reliance on the postal ballot, Washington is at the forefront of preparations for voting on the epidemic, according to a report by the RAND Corporation on the confidence of the voting system in 2020.

Dangerous malware

The Emotic Banking Trojan, first identified in 2014, became notorious for targeting banks and financial data but has since turned into a spamming and malware service, according to cyber research firm Malware Bytes Inc. The ability to avoid detection has accelerated the work of the United States. The government, which has listed Amout as one of the world's most dangerous malware, estimates that an incident could cost $1 million.

Hackers are often able to crawl within the network, allowing them to compromise additional departments. In the case of Emotet, the attacker is also known’ to send phishing emails to victims of the internal e-mail system.

Furthermore, it is not uncommon for attackers to take their time before accessing a network, sending ransomware or other malicious attacks. Hackers can use this time to explore the network to find sensitive data or find out how to take advantage of a threat.

According to cyber security firm Crude Strike, ammo and truck bits are often’ used, especially in the Russian-based cyber security, Ryuk. According to Crude Streak, first recognized in 2019, Reeve became infamous in its first six months of operation to attack enterprise networks, raising revenue to  $4 million, according to Crude Streak.

According to Ames Swift, as Reeve's activity dwindled slightly in the spring and early summer of 2020, another threatening actor emerged in the form of a similar attack, named Conti, according to Ames Swift. The cyber firm said that in its short history, Conti, which also appears to be based’ in Russia, has been notorious for attacking state and local governments, including state courts in Louisiana, in September.

READ MORE 

The Thiem faced a tough French Open as Nadal, Serena set the record