The Department of Homeland Security’s U.S. Computer Emergency Readiness Team warned agencies about targeted malicious emails, days after government officials reportedly detected that spearphishing was used to penetrate an unclassified Joint Staff network.
A threat analyst who helped establish US-CERT criticized the alert’s paucity of information on what infected computer systems look like.
DHS would not comment on whether there is any relationship between the advisory for federal offices and private companies and the apparent military data breach. A DHS spokesman said Friday he had no comment regarding the Joint Staff incident, in general.
FBI officials, as of late Friday afternoon, had no information to offer about the Joint Staff situation.
The warning said some of the spearphishing emails are tailored to copy sensitive government and business information. Others can roil an organization’s entire network.
“US-CERT is aware of three phishing campaigns targeting U.S. government agencies and private organizations across multiple sectors,” DHS officials said in the notice, which posted Aug. 1. “Most of the websites involved are legitimate corporate or organizational sites that were compromised” by the attackers.
Over the past two months, there have been reports of “multiple, ongoing and likely evolving” attacks that unfold when an employee clicks a link to a website in the email, according to US-CERT.
An intrusion into an unclassified Joint Chiefs of Staff email system was identified around July 25, according to The Washington Post.
The DHS notification does not describe the fake websites or list “indicators” — like IP addresses or specific malware behaviors — that could be used to flag threats before intruders infiltrate…