US State Department reportedly hit by serious cyber-attack

Hacker
(Image credit: Image Credit: Geralt / Pixabay)

The US Department of Defense’s (DoD) Cyber Command has notified Congress that the State Department was hit by a cyber-attack, according to reports -- and security experts told TechRadar Pro that the slow trickle of official information was only making the matter worse.

A series of tweets over the weekend from Fox News White House correspondent Jacqui Heinrich revealed the campaign against the State Department, although it has so far refused to officially comment on the matter.

“The Department takes seriously its responsibility to safeguard its information and continuously takes steps to ensure information is protected. For security reasons, we are not in a position to discuss the nature or scope of any alleged cybersecurity incidents at this time,” a State Department spokesperson told Heinrich. 

TechRadar needs yo...

We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and we'd hugely appreciate if you'd share your experiences with us.

>> <a href="https://project.tolunastart.com/tqsruntime/main?surveyData=LFFFsT0HpgsyUe0tTFumBJohXK8Sedt0ARpsCF4DRGR+oCoVbvd+2+d8+UNIIx4L" data-link-merchant="project.tolunastart.com"" target="_blank">Click here to start the survey in a new window <<

An anonymous source also told Heinrich that the attack, which supposedly happened a couple of weeks ago, hasn’t had any detrimental impact on the State Department’s ongoing evacuation mission in Afghanistan.

Lack of details don’t help

Security experts TechRadar Pro spoke to weren’t impressed by the department’s stonewalling of information.

“Clarity and transparency are absolutely vital in the aftermath of an attack, but history has shown us that many organizations have attempted to delay or avoid any discussions that may negatively impact them,” said Jake Moore, Cybersecurity Specialist at ESET.

Sam Curry, chief security officer at Cybereason, added that the lack of information about attacks such as these is one of the reasons for the Endpoint Detection and Response (EDR) mandate for the US Federal government agencies in the recent White House Executive Order

“Having a means of finding the attacks, like the one on the State Department as threat actors move in the slow, subtle, stealthy way through networks, is the only option in returning defenders to higher ground above threat actors... Today, it’s not about who we hire or what we buy. It’s about how we adapt and improve every day,” Curry tells TechRadar Pro.

Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.