The U.S. military believes hackers connected to Russia are behind the recent intrusion into a key, unclassified email server used by the office of the Joint Chiefs, though there is no final conclusion, a U.S. official familiar with the latest assessment of the attack’s impact said Thursday.
Military officials assessed that the attack had a sophistication that indicates it came from a state-associated actor, and that the two likely suspects are Russia and China. The system was taken offline as soon as the intrusion was detected.
But while China cannot be ruled out definitively, the intrusion into the system is not typical of Chinese hackers, the official said.
The spear phishing attack into the email of the Pentagon’s Joint Staff “exposed a new and different vulnerability” than has been seen in the past, a senior Defense official told CNN on Wednesday.
For more than 10 days, some 4,000 users on the Defense Department network have been without their email while military cyber experts have tried to scrub and rebuild the network. Spear phishing attacks are emails to employees that dupe them into giving up their network credentials.
Military cyber experts have concluded the attackers were specifically targeting the Joint Staff, hoping to learn what they could from the unclassified email network. The Joint Staff are the military and civilian personnel who serve the chairman of the Joint Chiefs on issues ranging from budgeting to military operations.
No classified networks were penetrated, officials said. The spear phishing attack, however, successfully penetrated the server at multiple points, the senior Defense official said.
All of the required cyber protection and patches were in place, but the attack still was able to find a way into the network that the U.S. government had not seen before, according to the preliminary analysis, the senior Defense official said.
Earlier this year, Defense Secretary Ashton Carter blamed Russian hackers for penetrating an unclassified Pentagon network. And in April, U.S. officials said Russian hackers were behind a series of damaging intrusions that penetrated sensitive parts of the White House computer system. Although they were only able to access unclassified systems, the hackers had access to sensitive information like the President’s daily schedule, officials briefed on the investigation said.