The U.S. State Department has reportedly suffered a cyber-attack, with notifications of a possible serious breach made by the Department of Defense Cyber Command.
Fox News journalist Jacqui Heinrich made the claim in a series of tweets over the weekend. She wrote, “The State Department has been hit by a cyber attack, and notifications of a possible serious breach were made by the Department of Defense Cyber Command.
“It is unclear when the breach was discovered, but it is believed to have happened a couple of weeks ago.”
Heinrich added that the State Department’s mission to evacuate US personnel and allied refugees from Afghanistan has “not been affected” by the incident.
She also tweeted that “the extent of the breach, investigation into the suspected entity behind it, efforts taken to mitigate it, and any ongoing risk to operations remains unclear.”
Reuters then reported that a “knowledgeable source” had informed them that the department had not experienced any significant disruptions or had its operations impeded in any way.
A spokesperson for the State Department was quoted as saying, “The department takes seriously its responsibility to safeguard its information and continuously takes steps to ensure information is protected. For security reasons, we are not in a position to discuss the nature or scope of any alleged cybersecurity incidents at this time.”
Commenting on the story, Sam Curry, chief security officer, Cybereason, said, “The recent cyber-attack against the U.S. State Department is a reminder that anyone and everyone can be hit and will be hit. Today, it is a matter of how quickly threats are discovered and how quickly they are stopped. Overall, the State Department’s networks are big, and they are presumably getting attacked by nation-states, terrorists and other adversaries on a daily basis. However, without more data on the recent attack, it would be premature to make assumptions on the motives or groups involved in this latest action.
“There’s no shame in being attacked, and disclosing it properly is laudable. There’s a world of difference between an infrastructure breach where a nation-state, rogue group or hacktivist gets in and an information or material breach that causes damage. While the State Department isn’t likely to disclose any further details of this attack, given the current chaos on the ground in Afghanistan and lingering tensions with Russia over the Colonial and JBS attacks and China for carrying out the Microsoft Exchange Server attacks, public and private sector security teams should be on high alert. Also, allies of the US across Europe, Asia-Pacific and Africa should be on high alert. Let’s hope the perception by some that the US is distracted doesn’t lead to more attacks and chaos.”
The revelation has come just weeks after a bipartisan report was published by the Senate Homeland Security and Governmental Affairs Committee, which found “stark” shortcomings in the cybersecurity posture of many federal agencies. The report rated the State Department “effectively a D” regarding its cybersecurity posture, “the lowest possible rating within the Federal Government’s maturity model.”
Curry added, “The State Department attack is one of the reasons for the EDR mandate for the US federal government agencies in the recent White House Executive Order. Having a means of finding the attacks like the one on the State Department as threat actors move in the slow, subtle, stealthy way through networks is the only option in returning defenders to higher ground above threat actors. Advanced prevention, building resilience, ensuring that the blast radius of payloads is minimized and generally using peacetime to foster antifragility is achievable. Today, it’s not about who we hire or what we buy. It’s about how we adapt and improve every day.”