The federal facility was hacked and data was siphoned from a server on Friday; federal workers were forced to disconnect internet access.
Oak Ridge National Laboratory
Only a “few megabytes” of data were stolen before the lab discovered the breach and cut net access. Oak Ridge is located in Tennessee and conducts classified and unclassified energy and national security work. Funded by the U.S. Department of Energy, it is managed by UT-Battelle, a private company.
According to Thomas Zacharia, deputy director of the lab, the attack against the lab was “sophisticated,” and he compared it to the so-called “advanced persistent threat” attacks that hit the security firm RSA last month and Google last year.
The intrusion came in the form of a spear-phishing email sent to lab employees on April 7. The email purported to come from the human resources department, discussed employee benefits and included a link to a malicious web site, where malware exploited an Internet Explorer vulnerability to download additional code to users’ machines.
The code exploited an IE zero-day vulnerability that Microsoft then patched on April 12. The exploit was described as a critical remote-code execution vulnerability, which allows attackers to install malware on a user’s machine if he or she visits an infected website.
About 530 employees received the email, but only 57 clicked on the link, and only two computers were compromised as a result. The lab took precautions as soon as it was alerted to the issue and began blocking the emails as soon as they started to come in.
On April 11, administrators discovered that a server had been breached when data began leaving the network. As workers cleaned up the infected system early Friday evening, “a number of other servers went active with the malware.” The malware had lain dormant for a week before it awoke on those systems. At that point the lab took steps and blocked internet access.
The lab is still working to characterize the malware so it can be certain it has been completely eradicated.
Zacharia was unable to say what the attackers stole or where the data went. He would also not say whether NSA encryption experts were among those assisting in the investigation. Knoxnews confirmed through Microsoft’s public relations firm that the company was assisting in the probe of the attack.
This attack is the second such attack since 2007, when a similar spear-phishing attack allowed hackers to access a non-classified database at the lab and gain access to thousands of names, Social Security numbers and birthdates belonging to anyone who had visited the lab between 1990 and 2004.