How Russians hackers breached the White House unclassified network

According to the CNN Russian hackers used data gathered from State Department to run a Phishing campaign against White House staffers.

On October 2014, the Reuters Agency published the news that a suspicious activity had been detected on the Executive Office of the President (EOP) network. According to an unnamed official at the White House, hackers infiltrated an unclassified network, the Obama Administration confirmed the incident.

The New York Times reported that an unnamed official working at the White House has admitted systems used by President Obama’s staff were breached by external hackers. The intrusion was detected by defense systems and triggered a temporary system outages.

The system outages was caused “as a result of measures we have taken to defend our network,” said the official.

According the experts the hacker was engaged in reconnaissance, there is no evidence of data breach, neither of sabotage. The attacker was trying to discover the composition of the  unclassified White House network.

“Administration officials said the attack did not appear to be aimed at destruction of either data or hardware, or to take over other systems at the White House. That strongly suggests that the hackers’ intention was either to probe and map the unclassified White House system, find entry points where they connect to other system or conduct fairly standard espionage.” reported The New York Times.

Shortly before the attack against the unclassified network at the White House, security experts at FireEye reported of another ATP group, dubbed APT28, which seems to be linked to the Russian government and that is active since 2007. APT28 run a cyber espionage campaign against governments, militaries and security companies worldwide.

US officials involved in the investigation have told CNN that Russian hackers used their account after compromising the U.S. State Department to gather sensitive information on the unclassified White House network.

Now the CNN has provided further details of the cyber attack, the news agency has confirmed that Russian hackers breached the unclassified network of the US Government and have had access to the president’s schedule. This kind of information despite is not classified, is usually not publicly shared.

“Russian hackers behind the damaging cyber intrusion of the State Department in recent months used that perch to penetrate sensitive parts of the White House computer system, according to U.S. officials briefed on the investigation.” reports the CNN.

The hackers breached the White House network using the information gathered thanks a precedent attack against the email systems in the U.S. State Department. The Russian hackers were inside the systems at the State Department for months, and many security experts speculate that they still have the access to the Government Office.

Investigators believe that hackers used their access to the State Department systems to run a phishing campaign the White House staffers.

National Security Council spokesman Mark Stroh didn’t confirm the Russian origin of the attack, but he said that “any such activity is something we take very seriously.”

“In this case, as we made clear at the time, we took immediate measures to evaluate and mitigate the activity,” he said. “As has been our position, we are not going to comment on [this] article’s attribution to specific actors.” added Stroh.

Neither the U.S. State Department nor the Russian Embassy have provided further details on the case.

Pierluigi Paganini

(Security Affairs –  White House, hacking)