5/19/2023

Oak Ridge National Laboratory

According to Zacharia, the intrusion came in the form of a spear-phishing email sent to lab employees on April 7. The e-mail, purportedly sent from the human resources department, discussed employee benefits and included a link to a malicious web page, where malware exploited the IE vulnerability to download additional code to users' machines.

The attackers cast their net wide in the company, but hooked only two computers in the phishing scheme, Zacharia said. About 530 employees received the e-mail - out of about 5,000 workers - but only 57 people clicked on the malicious link in the correspondence. Of those, only two machines were infected with the malware. The lab began to block the malicious emails soon after they began coming in, but it was already too late.

On April 11, administrators discovered a server had been breached when data began leaving the network. Workers cleaned up the infected system, but early Friday evening "a number of other servers suddenly became active with the malware," Zacharia said. The malware had apparently lain dormant for a week before it awoke on those systems. That's when the lab blocked internet access.

Zacharia said the malware "masked itself" on systems and was designed to erase itself if it tried to compromise a system and was unsuccessful. "We are still trying to fully characterize the malware so we can completely eradicate it," he said.

He was unable to say what the attackers stole or where the pilfered data went. The exfiltrated data was encrypted, and its destination is still being investigated. He said, however, that investigators from "sister labs" and other government agencies were "having some successes" in decrypting the data and analyzing the code. He would not say whether encryption experts from the National Security Agency were among those assisting the investigation.

The lab had begun to restore limited e-mail usage for workers on Tuesday afternoon, but employees were still being prevented from sending or receiving attachments.

It's not the first time the lab has been breached through spear phishing. In 2007, a similar attack allowed hackers to access a nonclassified database at the lab and gain access to thousands of names, Social Security numbers and birth dates belonging to anyone who had visited the lab between 19. In that case, the attackers sent a variation of seven different e-mails to workers, including one purporting to discuss an upcoming scientific conference.