Russia is the leading suspect in a sophisticated cyber attack on the unclassified e-mail network of the U.S. Joint Chiefs of Staff, forcing the military command to shut the system down, U.S. officials said August 6.
Officials said the hack was a spearphishing attack, in which scammers send e-mails that purport to be from colleagues. If the e-mail's attachments are double-clicked, they introduce malware into the system.
The hackers used an automated system that rapidly gathered massive amounts of data, but no classified information appears to have been seized or compromised, officials said.
Officials told Reuters the attack bore the hallmarks of a foreign state, as opposed to a less sophisticated hacker.
The Pentagon confirmed the unclassified e-mail system of the Joint Staff, which employs about 2,500 civilian and uniformed personnel, was taken offline for two weeks pending an investigation.
The rest of the Pentagon appeared to be unaffected.
"We continue to identify and mitigate cybersecurity risks across our networks," Pentagon spokeswoman Lieutenant Colonel Valerie Henderson said.
"With those goals in mind, we have taken the Joint Staff network down and continue to investigate. Our top priority is to restore services as quickly as possible."
In late April, U.S. Defense Secretary Ash Carter blamed Russian hackers for a cyber intrusion on an unclassified U.S. military network, saying they discovered an old vulnerability that had not been patched. The Pentagon quickly identified the compromise and hunted down the intruders.
Dmitri Alperovitch, chief technology officer and co-founder of CrowdStrike, a cybersecurity firm, said his company had seen a "massive escalation" in cyber attacks tied to the Russian government since sanctions were imposed last year over Moscow's aggressive actions in Ukraine.
He said he had no information on the alleged attack on the Joint Staff network, but his firm had detected a large number of attacks against U.S. national security agencies and commercial companies by a hacker group called "Cozy Bear" that had clear ties to the Russian government.
Cozy Bear has engaged in a variety of cyber attacks, ranging from spearphishing to more sophisticated and complex attacks. The latest set of attacks used hundreds of e-mails with a zip file attachment that, if double-clicked, could introduce malware to an organization's networks, Alperovitch said.
"Once they get a beachhead, their tradecraft is very, very good," he said.