The following is a Google translation of a recent news story by Hugo Joncas:
Hackers have managed to infiltrate the Justice Department’s system, and even send malware to citizens who traded with these addresses.
The ministry was careful not to warn the public about the attack, but after many questions from our Bureau of Investigation, it issued a terse statement last night.
Justice Quebec is however miserly on details. In its responses to the Journal , the ministry nevertheless acknowledges that the hackers managed to infect 14 mailboxes on August 11 and 12. They were able to access the email addresses of citizens who spoke with these boxes.
Read more on Le Journal de Montreal.
So it seems not only were the as-yet-unidentified attackers able to compromise mailboxes, but they were able to send out email with malware to infect recipients’ systems. While the Justice Department appears to have responded quickly to the attack to contain it, their lack of transparency and failure to warn people who may be at risk is troubling. I would have hoped for the department to issue a notice warning the public that if they receive any email that appears to be in response to any past correspondence with the agency, then it may contain malware. The minister’s failure to warn the public and to tell them what to do if they receive an email from an unrelated email address but that contains old correspondence between the recipient and the government is a bit shameful, frankly.
Thanks to “Scsideath,” who contacted me about this incident and informs me that he had been given samples of the malware and could confirm that it is emotet.