A spear phishing attack into the unclassified email of the Pentagon’s Joint Staff “exposed a new and different vulnerability” than has been seen in the past, a senior Defense official told CNN on Wednesday.
For more than 10 days, some 4,000 users on the Defense Department network have been without their email while military cyber experts have tried to scrub and rebuild the network. Spear phishing attacks are emails to employees that dupe them into giving up their network credentials.
Military cyber experts have concluded the attackers were specifically targeting the Joint Staff, hoping to learn what they could from the unclassified email network. The Joint Staff are the military and civilian personnel who serve the Chairman of the Joint Chiefs on issues ranging from budgeting to military operations.
No classified networks were penetrated, officials said. The attack has the hallmark of one by a foreign government, but they still are not certain, officials said.
The spear phishing attack, however, successfully penetrated the unclassified email at multiple points, the senior official said.
All of the required cyber protection and patches were in place, but the attack still was able to find a way into the network that the U.S. government had not seen before, according to the preliminary analysis, the official said.
Once the intrusion was detected, the entire network was taken offline, and officials said they now hope it will be finally restored on Thursday.