Threat spotlight: Spike in leaked government data

Allegedly stolen datasets from government websites have started to appear more frequently on hacker forums in recent weeks, an executive at a top ransomware negotiation firm told Axios.
Why it matters: The datasets appear to include access to sensitive government systems and details about classified operations.
- If the information is legitimate, cybercriminals could use it to inform future attacks or share it with adversarial governments.
Threat level: Hackers are claiming to have gotten high-level access to the Pentagon's Defense Logistics Agency, broken into defense contractors' systems, and compromised a Pentagon employee's account, according to Kurtis Minder, co-founder and CEO of GroupSense.
- Claims of this nature aren't new, but Minder said his team has seen a spike in the number of reportedly breached government systems in recent weeks.
- While it's unclear what's motivating this spike, Minder noted that "there's always room for this kind of thing" whenever internal organizational processes are "shaken up."
Driving the news: The inspector general's office at the General Services Administration found in a recent audit that officials in the Biden and Trump administrations improperly uploaded sensitive documents to an insecure Google Drive.
Zoom in: In screenshots shared with Axios, hackers are claiming to have access to internal user management systems that log which devices employees are using to access government services and what their security clearance levels are.
- Others are claiming to have accessed accounts with administrator privileges and are selling information about classified logistics operations.
- Another post claims to be selling more than 100 gigabytes of data from various U.S. government agencies, including the NSA, FBI and CIA.
Yes, but: None of these datasets have been validated, and cybercriminals have been known to either lie or embellish their findings in their listings on dark web forums.
- Some of the users sharing these screenshots have a decent reputation, Minder added, and aren't known for sharing fraudulent or overhyped listings.
- Listings for the datasets have also been appearing in certain Telegram channels where administrators vet claims before allowing the posts to be sent, Minder added.
The big picture: The trade war between the U.S. and China promises to escalate each country's espionage campaign against the other.
- China has a long history of hacking defense contractors and other government-adjacent companies to steal U.S. government secrets and inform its own economic investments.
