Russia Prime Suspect behind Cyber-Attack on U.S. Military Email

According to U.S. officials, Russia is the leading suspect behind a cyber-attack on an unclassified email network of the U.S. military’s Joint Staff, which prompted the Pentagon last month to curb access to portions of that network. The U.S. intelligence community’s worldwide threat assessment, released in February, listed Russia and China as ‘nation states with highly sophisticated cyber programs’, and officials said the phishing attack was so sophisticated that only a nation state had the potential to launch it.

One U.S. official, who declined to be named since the investigation was still underway, told Reuters that the earlier reports definitely linked Russia to the cyber-attack. Asked about Russia’s possible involvement, the official added that ‘the so-called spear phishing attack using emails pretending to be from colleagues was traced back to that country’.

Another official, also speaking on condition of anonymity, described Russia as a prime suspect but cautioned that it would take some time for investigators to confidently attribute blame. The Pentagon has refrained from commenting on the investigation.

Attackers had Hallmarks of Foreign State

In late April, U.S. Defense Secretary Ash Carter blamed Russian hackers for a cyber-intrusion on an unclassified U.S. military network this year, stating that they had discovered an old vulnerability which had not been patched. In that case, Carter said, the Pentagon had immediately recognized the compromise and had incident responders ‘hunting the intruders within 24 hours’.

In the most recent case, the U.S. military’s Joint Staff, which employs 2,500 civilian and uniformed personnel, has seen its unclassified email access persistently restricted since the last weekend of July, while the rest of the Pentagon appeared to be unaffected.

Officials told Reuters that the cyber-attack had the hallmarks of a foreign state’s actions, in contrast to those of a less sophisticated hacker. Dmitri Alperovitch, chief technology officer and co-founder of the cyber-security firm CrowdStrike, has observed a huge rise in cyber-attacks linked to the Russian government since sanctions were imposed last year over Moscow’s action in Ukraine.

Cozy Bear Engaged in Various Cyber-Attacks

Alperovitch also said that he had no information regarding the alleged attack on the Joint Chiefs of Staff network, though his firm had discovered a huge number of attacks against U.S. national security agencies as well as commercial companies by ‘Cozy Bear’, one of the hacker groups with strong links to the Russian government.

According to Alperovitch, Cozy Bear is engaged in various cyber-attacks, ranging from spear phishing to more sophisticated and complex attacks. The recent set of cyber-attacks used hundreds of emails with a zip-file attachment which, if double-clicked, could bring the malware into an organisation’s network. Once the attackers get a foothold, their tradecraft seems to be very good.

A senior Defense official said that while more sophisticated attacks on the military’s computer network have been reduced in the past, this cyber-attack used an approach which had not been envisaged earlier. Pentagon spokesman Capt. Jeff David recently said that the U.S. military’s computer networks routinely come under cyber-attack.