Russian hackers behind the damaging cyber intrusion of the State Department in recent months used that perch to penetrate sensitive parts of the White House computer system.
While the White House has said the breach only affected an unclassified system, the hackers had access to sensitive information. As in many hacks, investigators believe the White House intrusion began with a phishing email that was launched using a State Department email account that the hackers had taken over.
Dwayne Melancon, CTO of Tripwire, said: “Once an attacker gets into your systems it can be notoriously difficult to get them out, particularly when your network and internal security controls allow the attacker to move around on your network without being noticed. That appears to be the case here, which could be the result of an outwardly-focused security approach.
“There are a few significant challenges in breaches like this. First, attribution is difficult. A savvy attacker can not only cover their tracks, they can often mislead you into believing someone else is behind the attacks. I hope the White House has strong evidence to claim Russian responsibility.
“Additionally, many organisations lack a baseline understanding of what is ‘normal’ on their internal network and systems, making it difficult to tell which systems you can trust, which systems you can’t and – more importantly – how to stop the attack and prevent future compromises.”