Pentagon restores hacked network

Getty Images

The Pentagon has restored the Joint Chiefs of Staff’s network just over two weeks after suspected Russian hackers infiltrated the network’s unclassified email system.

The Defense Department confirmed Monday that the Joint Staff network had been brought back online after cybersecurity staff wiped the system of digital intruders or any malicious software they may have left behind.

{mosads}“While any intrusion or attack upon our network is troubling, each attempt to intrude upon our networks offers a learning opportunity to improve our ability to effectively respond and bolster our cyber defenses and network security,” said DOD spokeswoman Lt. Col. Valerie Henderson in a statement. “We have full confidence in the integrity of the DOD networks and systems.”

According to reports, officials discovered the cyber attackers within the Joint Staff email system sometime around July 25. The Pentagon’s cyber squad quickly shut down the network, leaving roughly 4,000 workers without email for several weeks.  

NBC News reported the email system was brought back online Monday.

Henderson said an investigation showed that the network had been cracked through a “broad phishing campaign,” in which hackers lure targets into clicking on a nefarious link or downloading an infected document.

“Given indicators of suspicious activity, elements of our cyber workforce isolated the Joint Staff unclassified network from the larger DOD information network and the Internet,” Henderson said.

“Isolating the Joint Staff network enabled us to conduct a systematic process to hunt for adversaries, mitigate any malicious activity, confirm network security and integrity, and further harden defenses,” she added.

While officials acknowledged the hack, they maintained no classified information had been accessed or stolen.

The digital intrusion may be tied to a Moscow-backed hacking group known as APT29.

The team uses a previously unseen tactic known as Hammertoss, in which hackers clandestinely communicate with embedded malware through dummy Twitter accounts. Security firm FireEye has said the strategy displays a “discipline and consistency” that is virtually unparalleled among other advanced hacking groups.

During Thursday’s first Republican presidential debate, Sen. Ted Cruz (R-Texas) alleged the attack was timed to coincide with secretive meetings between Qassem Soleimani, a major general in the Iranian army, and Russian leaders in Moscow.

Congress is currently debating whether to accept a deal to limit Iran’s nuclear weapons program in exchange for lifting sanctions on Tehran. Some have argued rolling back sanctions will allow Iran and Russia to strengthen ties.

“The day Soleimani flew back,” Cruz said, “was the day we believe Russia used cyber warfare against the Joint Chiefs.”

The Joint Staff email attack is not the first time Russia has been suspected of breaching the U.S. government.

Defense Secretary Ashton Carter revealed in April that Russian hackers had broken into the DOD’s unclassified networks for a brief moment. Moscow-backed cyber spies are also thought responsible for intrusions at the State Department and White House last year.

— Updated 1:56 p.m.

Tags Ted Cruz

Copyright 2023 Nexstar Media Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.