How Russians hackers breached the White House unclassified network

According to the CNN Russian hackers used data gathered from State Department to run a Phishing campaign against White House staffers.

On October 2014, the Reuters Agency published the news that a suspicious activity had been detected on the Executive Office of the President (EOP) network. According to an unnamed official at the White House, hackers infiltrated an unclassified network, the Obama Administration confirmed the incident.

The New York Times reported that an unnamed official working at the White House has admitted systems used by President Obama’s staff were breached by external hackers. The intrusion was detected by defense systems and triggered a temporary system outages.

The system outages was caused “as a result of measures we have taken to defend our network,” said the official.

According the experts the hacker was engaged in reconnaissance, there is no evidence of data breach, neither of sabotage. The attacker was trying to discover the composition of the  unclassified White House network.

“Administration officials said the attack did not appear to be aimed at destruction of either data or hardware, or to take over other systems at the White House. That strongly suggests that the hackers’ intention was either to probe and map the unclassified White House system, find entry points where they connect to other system or conduct fairly standard espionage.” reported The New York Times.

Shortly before the attack against the unclassified network at the White House, security experts at FireEye reported of another ATP group, dubbed APT28, which seems to be linked to the Russian government and that is active since 2007. APT28 run a cyber espionage campaign against governments, militaries and security companies worldwide.

US officials involved in the investigation have told CNN that Russian hackers used their account after compromising the U.S. State Department to gather sensitive information on the unclassified White House network.

Now the CNN has provided further details of the cyber attack, the news agency has confirmed that Russian hackers breached the unclassified network of the US Government and have had access to the president’s schedule. This kind of information despite is not classified, is usually not publicly shared.

“Russian hackers behind the damaging cyber intrusion of the State Department in recent months used that perch to penetrate sensitive parts of the White House computer system, according to U.S. officials briefed on the investigation.” reports the CNN.

The hackers breached the White House network using the information gathered thanks a precedent attack against the email systems in the U.S. State Department. The Russian hackers were inside the systems at the State Department for months, and many security experts speculate that they still have the access to the Government Office.

Investigators believe that hackers used their access to the State Department systems to run a phishing campaign the White House staffers.

National Security Council spokesman Mark Stroh didn’t confirm the Russian origin of the attack, but he said that “any such activity is something we take very seriously.”

“In this case, as we made clear at the time, we took immediate measures to evaluate and mitigate the activity,” he said. “As has been our position, we are not going to comment on [this] article’s attribution to specific actors.” added Stroh.

Neither the U.S. State Department nor the Russian Embassy have provided further details on the case.

Pierluigi Paganini

(Security Affairs –  White House, hacking)

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Recent Posts

Google: China dominates government exploitation of zero-day vulnerabilities in 2023

Google's Threat Analysis Group (TAG) and Mandiant reported a surge in the number of actively…

3 hours ago

Google addressed 2 Chrome zero-days demonstrated at Pwn2Own 2024

Google addressed two zero-day vulnerabilities in the Chrome web browser that have been demonstrated during…

15 hours ago

INC Ransom stole 3TB of data from the National Health Service (NHS) of Scotland

The INC Ransom extortion group hacked the National Health Service (NHS) of Scotland and is threatening…

19 hours ago

CISA adds Microsoft SharePoint bug disclosed at Pwn2Own to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Microsoft SharePoint vulnerability disclosed at the…

1 day ago

The DDR Advantage: Real-Time Data Defense

This is the advantage of Data Detection and Response (DDR) for organizations aiming to build…

1 day ago

Finnish police linked APT31 to the 2021 parliament attack

The Finnish Police attributed the attack against the parliament that occurred in March 2021 to…

1 day ago

This website uses cookies.