Department of Energy Compromised in Sophisticated Attack

Hackers targeted and compromised computer networks at United States Department of Energy headquarters in Washington DC two weeks ago, according to a report published by the Washington Free Beacon earlier this morning.

DoE officials confirmed the attack and are currently investigating the incident that reportedly compromised 14 servers and 20 workstations, and exposed the personal information of hundreds of DoE employees.

However, Energy Department and FBI officials investigating the attack claimed that it was not designed merely to pilfer the personal information of department employees, and that there were indications that the interlopers attempted to install backdoors which could be used at a later time to steal sensitive and classified information.

An anonymous source told the Free Beacon that no classified information was compromised in the attack.

The attackers made off with what the U.S. government classifies as personally identifiable information, which could include names, Social Security numbers, digital identities and associated IP addresses, vehicle and driver’s license numbers, faces, fingerprints, and handwriting samples, as well as credit card numbers, dates of birth, birthplaces, and genetic information. Such information might seem negligible in the context of international espionage, but it can be, and has been, used effectively in spear-phishing and other social engineering campaigns.

More broadly, the DoE itself may not seem like a high-value target to the casual observer, but the department’s networks hold a great deal of sensitive technological information. Beyond that, the department is also home to the often-targeted, security-focused Sandia National Laboratories, whose research touches on everything from nuclear waste disposal to critical infrastructure security.

The report offers no concrete evidence for attribution, but it claims that the sophistication of the attack suggests China was responsible.

Discussion

  • Anonymous on

    "no classified information was compromised in the attack"

    That's OK, then. No need to worry about PII, after all.

    "which COULD include names, Social Security numbers, digital identities and associated IP addresses, vehicle and driver’s license numbers, faces, fingerprints, and handwriting samples as well as credit card numbers, dates of birth, birthplaces, and genetic information"

    Could or did? Did you just make up this list? If not, why on earth would they hold some of this information? And unencrypted?

    "Such information might seem negligible in the context of international espionage, but"

    Not to me, or the people who had their information compromised. It is sad that you seem to think so. Quick question, though. Why waste time compromising an HR system, which would presumably be kept isolated from the classified systems, if they were after classified information? Were they so unconcerned about detection that they just took their time wandering around? Doesn't inspire confidence, does it?