FBI warns of US government networks violated by Anonymous

The FBI is warning that members of the Anonymous hacking collective have violated networks belonging to multiple government agencies stealing sensitive data

The Reuters agency reported that members of the hacktivist group of Anonymous  secretly violated U.S. Government networks in multiple agencies and stolen sensitive information. The FBI warned that the hacking campaign began almost a year ago, the hacktivists have exploited a flaw in Adobe applications to compromise the target systems and install software backdoors to maintain the control of the victims computers over the time, the facts dated back to last December.

The alert issued this week by the FBI reveals that the hacking campaign affected the U.S. Army, Department of Energy, Department of Health and Human Services, and other government agencies.

[the attacks are] “a widespread problem that should be addressed.” states the FBI memo.

The memo issued by the FBI also provided useful information for system administrators to discover evidences of Anonymous attacks on their system, it suggests what to look for to determine if their networks are compromised.

The nature of the attack led the security experts to believe that Anonymous is conducting a wide range cyber espionage campaign against Government agencies, the hacktivists are still operating under coverage according law enforcement.

“According to an internal email from Energy Secretary Ernest Moniz’ chief of staff, Kevin Knobloch, the stolen data included personal information on at least 104,000 employees, contractors, family members and others associated with the Department of Energy, along with information on almost 2,0000 bank accounts. The email, dated October 11, said officials were “very concerned” that loss of the banking information could lead to thieving attempts.” states Reuters post.

It seems that the hacking campaign was linked to the case of Lauri Love, a British resident indicted on October 28 for allegedly breaking into computers at the Department of Energy, Army, Department of Health and Human Services, the U.S. Sentencing Commission and elsewhere.

Law enforcement sustains that attacks began when Love and other members of the group of hacktivists exploited a security flaw in Adobe’s ColdFusion application, of course Adobe spokeswoman declined any responsibility and declared that similar attacks are possible only if targeted systems are not updated with the latest security patches.

Law enforcement confirmed that some of the stolen information on the latest campaign had previously been disclosed by Anonymous members during the “Operation Last Resort.”

Despite the earlier disclosures, “the majority of the intrusions have not yet been made publicly known,”  “It is unknown exactly how many systems have been compromised, but it is a widespread problem that should be addressed.” the FBI wrote.

The cyber espionage campaigns conducted by Anonymous are the reply to the arrests of popular hackers linked to the collective linked to US retaliation strategy against hackers.

Consider hacktivism a transitory phenomena are dangerous, underestimate the capabilities of groups like Anonymous is a serious error and the FBI memo is a important warning for Governments and IT community … Anonymous is alive and could hit every target in every moment!

Pierluigi Paganini

(Security Affairs – Anonymous, hacktivism)

 

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Recent Posts

Cisco addressed high-severity flaws in IOS and IOS XE software

Cisco addressed multiple vulnerabilities in IOS and IOS XE software that can be exploited to…

13 hours ago

Google: China dominates government exploitation of zero-day vulnerabilities in 2023

Google's Threat Analysis Group (TAG) and Mandiant reported a surge in the number of actively…

19 hours ago

Google addressed 2 Chrome zero-days demonstrated at Pwn2Own 2024

Google addressed two zero-day vulnerabilities in the Chrome web browser that have been demonstrated during…

1 day ago

INC Ransom stole 3TB of data from the National Health Service (NHS) of Scotland

The INC Ransom extortion group hacked the National Health Service (NHS) of Scotland and is threatening…

1 day ago

CISA adds Microsoft SharePoint bug disclosed at Pwn2Own to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Microsoft SharePoint vulnerability disclosed at the…

2 days ago

The DDR Advantage: Real-Time Data Defense

This is the advantage of Data Detection and Response (DDR) for organizations aiming to build…

2 days ago

This website uses cookies.