Hackers associated with the Chinese government attacked
an unclassified network of the White House Military Office last month. The
attack, first reported by the Washington Free Beacon, came as the White House
nears completion of a cyber security executive order. The White House Military
Office, which arranges the president’s travel schedule and teleconferences with
senior policy and intelligence officials, is also in charge of the strategic
nuclear command codes that comprise the president’s nuclear football.
Due to the nature of the target, the attack was suspected
to have come from the Chinese military’s cyber unit, the 4th Department of General
Staff of the People’s Liberation Army. A senior Obama administration official
told the Free Beacon that the cyberattack was a “spear phishing” attack, which
uses an email to lure the targeted adversary into revealing confidential
information.
While there is no indication of a breach or sign that
data was compromised, officials have not yet determined the extent of the
hack’s damage. A law enforcement official who works with members of the White
House Military Office confirmed the Chinese attack to FoxNews.com on Monday,
but it remains unclear what information, if any, was taken or left behind.
"This [White House Communications Agency] guy opened
an email he wasn't supposed to open," the source said.
That email contained a spear phishing attack from a
computer server in China, the law enforcement source told FoxNews.com. The
attack was first reported by the conservative blog. Spear phishing involves the use of messages
disguised to appear as valid; in fact, they contain targeted, malicious attempts
to access sensitive or confidential information. By opening the email, which
likely contained a link to a malicious site or some form of attachment, the
agency member allowed the Chinese hacker to access a system, explained Anup
Ghosh, founder and CEO of security company Invincea.
"The attack originated in the form of a spear phish,
which involves a spoofed inbound email with either a link to a malicious
website or a weaponized document attachment such as a .pdf, Microsoft Excel
file or Word document," he told FoxNews.com.
0 comments:
Post a Comment
We Love To Hear What You think About The Post Or Blog.