Russia Prime Suspect in Cyber Attack Against U.S. Military — U.S. Officials

WASHINGTON — Russia is the leading suspect in a sophisticated cyber attack on the unclassified email network of the U.S. military's Joint Staff that prompted the Pentagon last month to restrict access to portions of that network, U.S. officials said on Thursday.

Early reports firmly linked Russia to the attack, said one U.S. official, who declined to be named since the investigation is still underway.

"It was a spearphishing attack traced to that country," said the official, when asked about Russia's possible involvement. Spearphishing emails purport to be from colleagues.

A second official, who also spoke on condition of anonymity, described Russia as a leading suspect but cautioned that it would take time for investigators to firmly attribute blame.

The Pentagon declined comment on the investigation.

In late April, U.S. Defense Secretary Ash Carter blamed Russian hackers for a cyber intrusion on an unclassified U.S. military network this year, saying they discovered an old vulnerability that had not been patched.

In that case, Carter said the Pentagon quickly identified the compromise and had incident responders "hunting the intruders within 24 hours."

In this latest case, the U.S. military's Joint Staff, which employs about 2,500 civilian and uniformed personnel, has seen its unclassified email access severely restricted since the last weekend of July. The rest of the Pentagon appeared to be unaffected.

Officials told Reuters the attack bore the hallmarks of the actions of a foreign state, as opposed to a less sophisticated hacker.

Dmitri Alperovitch, chief technology officer and co-founder of CrowdStrike, a cybersecurity firm, said his company had seen a "massive escalation" in cyber attacks tied to the Russian government since sanctions were imposed last year over Moscow's actions in Ukraine.

He said he had no information on the alleged attack on the Joint Chiefs of Staff network, but his firm had detected a large number of attacks against U.S. national security agencies and commercial companies by a hacker group called "Cozy Bear" that had clear ties to the Russian government.

Cozy Bear engaged in a variety of cyber attacks ranging from spearphishing to more sophisticated and complex attacks. The latest set of attacks used hundreds of emails with a zipfile attachment that, if double-clicked, could introduce the malware to an organization's networks, Alperovitch said.

"Once they get a beachhead, their tradecraft is very, very good," he said. 
