Lorenzo Franceschi-Bicchierai reports:
The feds warned that “a group of malicious cyber actors,” whom security experts believe to be the government-sponsored hacking group known as APT6, “have compromised and stolen sensitive information from various government and commercial networks” since at least 2011, according to an FBI alert obtained by Motherboard.
The alert, which is also available online, shows that foreign government hackers are still successfully hacking and stealing data from US government’s servers, their activities going unnoticed for years.
Read more on Motherboard.
Do as I say, not as I do.
The government is quick to inspect other entities with a pressurized attack, scans and inflated cumulative results, but within the Federal side, its been the absolute worse for grades. They typically grade a D or an F for security.
If a Hacker sees an article that points to a ripe target, one that is not STIG compliant, I am sure they are in within a short period of time. Places that have really high vulnerability scores typically have a staff that either doesn’t know what the hell they are doing, or they are simply not educated in security. They applied for a position that is nothing more than a grazing plot until retirement.
This isn’t new news. The news reported that outside entities were in the state department probably in the past 1-2 years, and they are having a hard time getting the “unauthorized” out. The unauthorized probably have text files with username and passwords for multiple domains. Worse yet, its probably many breaches based on password reuse.
Absolutely incredible that in a digital world, the antiquated networks of the most powerful government in the world could easily be its demise. The laws are simply weak and too generic. The government must be sitting on pins and needles all the time, scared that something might revolt and kick the incompetent out of there comfy-til-retirement seats