Posted on August 23, 2021 at 1:49 PM
According to a recent report, the US State Department was recently hit by a cyberattack. Although it’s not clear when the breach occurred, it is believed that it took place a few weeks ago.
A report by Fox News noted that the hacking incident did not affect the latest mission by the American government to evacuate its citizens and other allies in Afghanistan.
No major impact of the incidence
The report also revealed that the operations of the State Department have not been impacted. Also, there are no substantial disruptions to the department’s activities. The State Department commented about the attack, stating that the safeguarding of its information and resources is taken very seriously.
But it refused to discuss anything further about the breach. “We are not in a position to discuss the nature or scope of any alleged cybersecurity incidents at this time,” it stated.
The State Department admitted that the situation is still under investigation and will provide more updates as soon as possible.
The information security program of the State Department has been criticized in recent months. Earlier this month, the Senate Committee on Homeland Security said the security program of the State Department has not been effective in four of five function areas.
Weaknesses discovered in the Department’s security
Auditors of the security program stated that they found laxities in highly sensitive areas, adding that it did not have any strong privacy and data security program in place.
The Senate Committee presented a cybersecurity report, detailing the findings of the audit is conducted. According to the report, the agency failed to provide documentation for 60 percent of the sample employees evaluated.
It noted that thousands of the State Department’s employee accounts were still active, even those that have left the organization.
These include those dismissed, retired, and those who have quit for a significant period. According to the report, the State Department made it easier for threat actors by not securing their systems and flushing out old accounts that were redundant. As a result, it left various attack windows open to threat actors.
The report also noted that the Department of Defense has issued notifications concerning the breach. It is still not known whether the threat actors were working alone or sponsored by state actors.
Data of AT&T customers reportedly offered for sale
In another development, a known threat actor is reportedly selling stolen data from AT&T users on the dark web.
According to the report, the threat actors want to sell the stolen databases for $1 million. The data after being analyzed by the privacy and security awareness site RestorePrivacy contained information such as date of birth, social security numbers, as well as other details from AT&T users.
A security researcher at RestorePrivacy, Sven Taylor, commented about the stolen database. He stated that the data was examined and seems authentic based on the available public records. But the security team didn’t confirm whether the data was from AT&T customers, although the threat actors stated that the entire data was from AT&T customers in the United States. However, they didn’t state how they got the data.
AT&T has commented about the data but denied that it was retrieved from their servers.
A spokesperson of AT&T stated that the company has carried out its investigation and found out that that data that appeared in an internet chat room does not seem to have come from its systems.
The threat actors seem to have made themselves popular even before the latest data breach incident. It has been involved in other hacking incidences in the past, including attacks on Wishbone, MeetMindful, Mashable, and Microsoft.
The increasing spate of hacking incidences
The AT&T incident is another demonstration of how hackers have become very serious to infiltrate servers of organizations. Barely a week ago, some threat actors stole details of about 53 million T-mobile customers. The telecommunication giant is now facing serious lawsuits filed by aggrieved customers seeking compensation for the hacking incident.
The past year has been particularly a feasting year for threat actors who have been taking advantage of the COVID-19 pandemic to launch attacks on organizations. More companies have now become vulnerable due to the changes they made during the pandemic. But with employees gradually returning to their working environments, organizations will be making more security changes to offer more protection to their servers.