Russian attackers have compromised the Pentagon’s Joint Chiefs of Staff unclassified email systems, affecting 4,000 military and civilian personnel.
Officials said that it’s unclear if the attack was sanctioned by the Russian government or by individuals, given the scope of the attack. But, sources told NBC that they believe it "was clearly the work of a state actor."
The cyberattack occurred around July 25, and has led to the Pentagon shuttering the entirety of the email server until it could be secured. The hack resulted in large quantities of data being shared automatically to thousands of various websites across the internet.
“These attackers took enough data in a few minutes to shut down a vast email system for two weeks—the ramifications of which may not be fully known,” said Haiyan Song, Splunk's SVP of security, in an email. “While shutting down the system was a good isolation measure, you can be assured security teams are investigating further to understand the scope of this attack. When credentials get stolen, additional and more damaging attacks are inevitable. This is why being ready is so critical. Speed of detection and response is the only true defense.”
In 2014, Russian hackers gained access to the White House's unclassified email system in a very similar attack. It gave hackers access to President Obama's personal emails, which contained exchanges with ambassadors, diplomats and policy questions.
“We cannot keep having the same weekly conversation about cybersecurity,” Song said. It is well known that cyber space is the new front line. If we are not better prepared, we will continue to see stories like this play out, and there will be ongoing threats to our national security. It is the responsibility of government and industry to work together and find comprehensive policy and technology solutions that better equip agencies’ security teams.”