The attacker infected the network with a sophisticated piece of malware designed to steal technical information from the Oak Ridge National Laboratory, which runs Jaguar, one of the fastest supercomputers in the world.
“This particular malware is set up to collect technical information and send it out of the lab,” Barbara Penland, the lab’s deputy director of communications, told Government Computer News. “That’s the reason we took the aggressive action of cutting off external access. We have been operating normally internally.”
E-mails were sent to several employees, which appeared to arrive from the human resource department regarding some employee benefits. The e-mail lured employees to click on a link for getting more information on the benefits.
Some employees, who clicked on the link, inadvertently downloaded the data-stealing malware, which exploited a flaw in Internet Explorer. The affected computers have been quarantined to contain the spread of malware.
Commenting on the phishing attack, Anup Ghosh, chief scientist at Invincea, said that the user “has become the primary target for our adversaries (whether cybercrime or nation state) and has become the unwitting accomplice in the breach of our networks. The adversary targets the user because they know that regardless of all the patches applied to technology, one cannot apply a patch to…the human brain."
Ghosh added that “organizations across every industry, be it the government or technology, need to put the user in a protective bubble [a fully virtualized OS] while coming into contact with all types of untrusted content. Whether the content is from the Internet or arrives via an attachment in a mail or IM client, we need to be able to keep user mistakes, in terms of clicking or viewing untrusted content, from equating to massive theft of the crown jewels.”