Enjoying ad-free content?
Since July 1, 2024, we have disabled all ads to improve your reading experience.
This commitment costs us $10,000 a month. Your support can help us fill the gap.
Support us
Our journalism is banned in Russia. We need your help to keep providing you with the truth.

Russia Prime Suspect in Cyber Attack Against U.S. Military — U.S. Officials

WASHINGTON — Russia is the leading suspect in a sophisticated cyber attack on the unclassified email network of the U.S. military's Joint Staff that prompted the Pentagon last month to restrict access to portions of that network, U.S. officials said on Thursday.

Early reports firmly linked Russia to the attack, said one U.S. official, who declined to be named since the investigation is still underway.

"It was a spearphishing attack traced to that country," said the official, when asked about Russia's possible involvement. Spearphishing emails purport to be from colleagues.

A second official, who also spoke on condition of anonymity, described Russia as a leading suspect but cautioned that it would take time for investigators to firmly attribute blame.

The Pentagon declined comment on the investigation.

In late April, U.S. Defense Secretary Ash Carter blamed Russian hackers for a cyber intrusion on an unclassified U.S. military network this year, saying they discovered an old vulnerability that had not been patched.

In that case, Carter said the Pentagon quickly identified the compromise and had incident responders "hunting the intruders within 24 hours."

In this latest case, the U.S. military's Joint Staff, which employs about 2,500 civilian and uniformed personnel, have seen their unclassified email access severely restricted since the last weekend of July. The rest of the Pentagon appeared to be unaffected.

Officials told Reuters the attack bore the hallmarks of the actions of a foreign state, as opposed to a less sophisticated hacker.

Dmitri Alperovitch, chief technology officer and co-founder of CrowdStrike, a cybersecurity firm, said his company had seen a "massive escalation" in cyber attacks tied to the Russian government since sanctions were imposed last year over Moscow's actions in Ukraine.

He said he had no information on the alleged attack on the Joint Chiefs of Staff network, but his firm had detected a large number of attacks against U.S. national security agencies and commercial companies by a hacker group called "Cozy Bear" that had clear ties to the Russian government.

Cozy Bear engaged in a variety of cyber attacks ranging from spearphishing to more sophisticated and complex attacks. The latest set of attacks used hundreds of emails with a zipfile attachment that, if double-clicked, could introduce the malware to an organization's networks, Alperovitch said.

"Once they get a beachhead, their tradecraft is very, very good," he said. 

… we have a small favor to ask. As you may have heard, The Moscow Times, an independent news source for over 30 years, has been unjustly branded as a "foreign agent" by the Russian government. This blatant attempt to silence our voice is a direct assault on the integrity of journalism and the values we hold dear.

We, the journalists of The Moscow Times, refuse to be silenced. Our commitment to providing accurate and unbiased reporting on Russia remains unshaken. But we need your help to continue our critical mission.

Your support, no matter how small, makes a world of difference. If you can, please support us monthly starting from just $2. It's quick to set up, and you can be confident that you're making a significant impact every month by supporting open, independent journalism. Thank you.

paiment methods
Not ready to support today?
Remind me later.

Read more