The Louisiana National Guard was called in to stop a series of cyberattacks targeted at small government offices throughout the country in recent months, according to two people with knowledge of the events, highlighting the threat facing local governments in the run-up to the presidential election.
The situation in Louisiana follows a similar case in Washington state, according to a cybersecurity advisor familiar with the matter, in which hackers infected some government offices with a type of malware known for deploying ransomware, which locks up systems and demands payment to restore access.
Senior US security officials have warned since at least 2019 that ransomware poses a threat to the US election, specifically that an attack against certain state government offices around the election could disrupt systems needed to administer aspects of the vote.
It is unclear whether the hackers sought to target systems tied to the election in Louisiana or were simply hoping for a payday. Nevertheless, the attacks raised alarms because of the harm they could have caused and because of evidence suggesting a sophisticated hacking group was involved.
Experts investigating the Louisiana incidents found a tool used by the hackers that was previously linked to a group associated with the North Korean government, according to a person familiar with the investigation.
The tool was described to Reuters as a remote access trojan, or RAT, used to infiltrate computer systems. But cybersecurity analysts who have examined this RAT, called “KimJongRat”, say some of its code had been made public in a computer virus repository, where hackers can copy it, making attribution to North Korea less certain.
While staff at several government offices in northern Louisiana were threatened as part of the effort, according to the two people knowledgeable about the incident response, the cyberattack was stopped in its early stages before significant harm was done.
The Louisiana National Guard did not comment on the incidents. The governor’s office said it could not comment on an ongoing investigation.
Tyler Brey, a spokesman for the Louisiana Secretary of State’s office, said Louisiana is still a “top down state,” where election data is stored in the secretary of state’s office, which can make it easier for election officials to recover from cyberattacks.
One person familiar with the events said they assessed that the hackers’ aim was to infect computers with ransomware, but added that it was hard to determine because the attack was stopped in its early stages.
If this is the case, Louisiana would not be the first. Over the previous year, many US cities have been victimized by ransomware, including incidents in Baltimore, Maryland, and Durham, North Carolina.
THE BIG QUESTION
Jen Miller-Osborn, deputy director of threat intelligence for US cybersecurity vendor Palo Alto Networks, monitored a hacking team last year that used KimJongRat. She said it would be “atypical” for the team she has studied to conduct a cyber operation for monetary gain.
An earlier cybersecurity research report, published in 2013 by Luxembourg company iTrust Consulting, noted that KimJongRat was written with Korean computer code that carried references to the North Korean leader’s family members.
Emotet, an increasingly common trojan frequently used against banks, was also deployed by the attackers and found on computers in Louisiana. When employees were hacked, their email accounts could sometimes be co-opted by the hackers to send malware to other colleagues.
On October 6, the Homeland Security Department’s cybersecurity division, known as CISA, published an alert saying Emotet was being used to target several local government offices across the country.
In recent cases where cybercriminals have gone after local government offices as the election approaches, such as in Washington, US officials together with tech companies like Microsoft Corp are racing to better understand whether the hackers share connections with overseas intelligence agencies from Russia, Iran, China and North Korea.
“It’s a very interesting question and something we are digging into and trying to find data, information, and intelligence that would help us understand that better,” Microsoft VP Tom Burt explained in a recent interview.
“There are a small number of criminal groups who are responsible for the majority of the ransomware attacks and so understanding who they are, how they’re organized, who they work with, where they are operating from, is something we’re working on,” Burt added.
Microsoft is among a select set of cybersecurity companies helping respond to the attacks in Washington, where it has offered cybersecurity protection software for free to local government officials until the election, according to a person familiar with the response.
A Microsoft spokesperson declined to comment on the company’s work there.
Initial reporting via our official content partners at Thomson Reuters. Reporting by Christopher Bing. Editing by Chris Sanders and Edward Tobin.