14 DAY TRIAL // A computer network operated by the Pentagon has been breached by hackers believed to be from Russia, it has been reported.
The incident has not been disclosed before, and it occurred earlier this year, the US Secretary of Defense Ashton Carter said Thursday in a speech at Stanford University in California.
Breach was plugged in 24 hours
According to Carter, the intruders exploited a vulnerability in an older unclassified network. No sensitive data was accessed, and the security hole was plugged within 24 hours, but not before gathering information about the attackers and their activity on the network.
Carter said that the incident was associated with Russia, although he did not mention whether it was a government operation or the work of independent hackers.
The Secretary of Defense did not elaborate on the matter and did not explain how the incident response team managed to reach their conclusion regarding the origin of the attackers, since this job is particularly difficult (hackers employ a network of compromised devices to hide their traces).
Connection with other similar incidents is not clear
Attacks hailing from Russia had been recorded prior to the incident at the Pentagon, the targets being the US Department of State and the White House. They were deployed in the second half of 2014 and used a malware piece dubbed CozyDuke.
In a recently published analysis, Kaspersky tied CozyDuke to other APTs used for cyber-espionage purposes in the past, such as OnionDuke and MiniDuke.
Carter did not say if the attack at the Pentagon was related in any way to the malicious activity identified at the White House and the State Department.
Hacking activity against government digital assets is frequently recorded, and the perpetrators rarely manage to gain access to the network, which is most of the times an unclassified one.
Nevertheless, such events are not to be dismissed as risk-free because they could lead to compromising structures of higher importance.