Unnamed White House officials have confirmed that hackers recently infiltrated the unclassified network at the U.S. government building, with a report linking the incident to state-affiliated actors from Russia.
The Washington Post reported late Tuesday that White House officials confirmed that a breach had occurred, but insisted that hackers did no damage to any systems and that the classified network remained unaffected. Officials also provided no comment on whether data was stolen or who exactly was suspected in the attack.
The incident is currently being investigated by the FBI, Secret Service and National Security Agency.
"In the course of assessing recent threats, we identified activity of concern on the unclassified Executive Office of the President network," said one unnamed White House official to the Washington Post. "We took immediate measures to evaluate and mitigate the activity… Unfortunately, some of that resulted in the disruption of regular services to users. But people were on it and are dealing with it."
Unnamed sources told the Post that a U.S. government ally informed the White House of the suspected breach approximately two to three weeks ago, and that the incident was consistent with state-sponsored hacking campaigns witnessed in the past. For instance, Reuters reported a recent probe by the Senate Armed Services Committee that linked hackers backed by the Chinese government to breaches at a number of contractors hired by the U.S. government, particularly those involved with the movement of U.S. military troops and equipment.
More notably, Russian hackers have long been suspected in hacks aimed at the U.S. government and its allies, including a 2008 breach of the U.S. military's classified networks. Threat intelligence vendor iSight Partners recently unearthed evidence that a Russia-based hacking team had targeted the NATO alliance, Ukrainian government and others with a Windows zero-day vulnerability, which was patched by Microsoft in this month's Patch Tuesday release.
Threat detection vendor FireEye Inc. also released a report this week detailing the activities of a suspected Russia-based hacking group dubbed APT28, which the company linked to attacks dating as far back as 2007 against Georgia, which was in conflict with Russia at the time, and other Eastern European governments.
Russia-based hackers like APT28 stand apart from those backed by China, according to FireEye, because they are seemingly not interested in the theft of intellectual property. Research suggests the group is unlikely to be an independent hacking group because it does not focus on financial theft, only on targets that would be of interest in nation-state-sponsored operations.
"APT28 is most likely supported by a group of developers creating tools intended for long-term use and versatility, who make an effort to obfuscate their activity," said FireEye researchers in the company's report. "This suggests that APT28 receives direct ongoing financial and other resources from a well-established organization, most likely a nation state government."
Kremlin hackers got into White House computers. PS when they say, "it was only UNCLAS systems no biggie" be skeptical http://t.co/pIAaAZHTCI — John Schindler (@20committee) October 29, 2014