“Personnel are advised to be alert for suspicious activity related to ongoing cyber operations targeting the Department,” the agency’s Cyber and Technology Security Directorate said in an email sent early Thursday morning to all workers.
Last month, more than 2,000 employees received emails, texts and social media messages designed to fool them into either downloading malware or handing over their login information, according to the email, which multiple sources provided to POLITICO.
The warning encouraged employees to report the malicious messages to help cyber experts “understand the broadened scope of cyber targeting against the Department.”
Hackers have used subject lines that mention a political science conference and a technology conference to entice victims into clicking links or downloading infected attachments, according to the State Department message. Other subject lines reference stock market secrets.
A department employee said that he recalled seeing one of these "spear phishing" emails with one of the subject lines.
The State Department has been a top target for foreign government hackers over the years. For instance, it took months to kick out suspected Russian hackers during a November 2014 intrusion.
Hackers from the NSA, which protects U.S. systems in addition to attacking adversaries’ computers, engaged in “hand-to-hand” combat with the foreign intruders during the incident, according to former NSA Deputy Director Rick Ledgett, who described the digital battle as “a new level of interaction between a cyber attacker and a defender.”
Several media outlets reported that the hackers were linked to Moscow.
At the time, the agency said it had “detected activity of concern” and shut down its unclassified email system for security upgrades, though it said no classified information was compromised.
One State employee told POLITICO on Thursday that he was having issues accessing the agency’s unclassified email system from the office but said that it worked when accessed from home.
The State Department declined to confirm the spear phishing warning, but a spokesperson said "employees are often alerted through cyber security training and notifications to be mindful of suspicious activity that could target the Department."
The spokesperson also said that employees reported "no systemic issues" with the email system on Thursday.
It is obvious that employees at State should be stepped through new-school security awareness training, which uses frequent simulated social engineering attacks.
Cross-posted with grateful acknowledgement. Here is the link to the full story: https://www.politico.com/story/2018/04/12/state-department-attempted-hacking-warnings-479725