Alaska Discloses 'Sophisticated' Nation-State Cyberattack on Health Service (therecord.media) 11
A nation-state cyber-espionage group has gained access to the IT network of the Alaska Department of Health and Social Service (DHSS), the agency said last week. From a report: The attack, which is still being investigated, was discovered on May 2, earlier this year, by a security firm, which notified the agency. While the DHSS made the incident public on May 18 and published two updates in June and August, the agency did not reveal any details about the intrusion until last week, when it officially dispelled the rumor that this was a ransomware attack. Instead, the agency described the intruders as a "nation-state sponsored attacker" and "a highly sophisticated group known to conduct complex cyberattacks against organizations that include state governments and health care entities."
Invite experts from Estonia (Score:4, Interesting)
The little Baltic country had to defend its networks from Russian onslaught [bbc.com]. They succeeded too — perhaps, Americans ought to invite help of Estonia, a fellow NATO-member...
Round up the usual suspects... (Score:2)
I am always sceptical when I hear that a government department or corporation that has failed to protect its computers from attack is nonetheless able to identify the attackers. The same goes for Mandiant, whose role is unclear. Were they just passing by when they noticed the door hanging open and the windows smashed? Or were they working for the ADHSS in some capacity?
Re: (Score:2)
Were they just passing by when they noticed the door hanging open and the windows smashed? Or were they working for the ADHSS in some capacity?
I would say they were almost certainly brought in to do incident response and forensics. They may have or may not have had a ore-existing relationship to help with table top exercise, pen test, and response planning.
Pretty she they did not just notice some broken windows
Re: (Score:3)
Then it occurred to me that (Alaskan) Senator Lisa Murkowski comes up for re-election next year. So... if you wanted to "tip the scales" in Alaska and you could get access to state infrastructure, maybe that would give you a route to forging identities on a whole-sale basis, right? I have ZERO evidence to support this - just "thinking out loud".
I'm not sure which is the least plausible - that a nation state would take an interest in Alaska's m
Re: (Score:2)
There's no particular reason that the scenario you mention couldn't be a "both...and..." scenario. Nation-states are also known to occasionally want an infusion of cash from outside. And sometimes there's someone running a department there that isn't totally honest. Lots of possible scenarios for movie plots where you don't need any evidence.
Or perhaps you could mangle it into a reframe of "The Producers".
Re: (Score:2)
I am always sceptical when I hear that a government department or corporation that has failed to protect its computers from attack is nonetheless able to identify the attackers
Well identifying who it was isn't exactly rocket science, 99.99% of all attackers can be identified by the following:
translation (Score:3)
"'Sophisticated' Nation-State Cyberattack on Health Service" - Translation we know this happened because someone made a decision that every arm-chair expert will recognize as bad and we haven't a clue who is really behind it but there was Cyrillic in a string so - RUSSIA
Sophisticated? (Score:2)
It said "Click here to win a pony" insterad of "Click here to get infected"?
Sophisticated cyberattack ? (Score:2)
Re: (Score:2)
Patient's own data backup (Score:1)
Perhaps patients should have a backup of their own data...?