Skip to Content

Scammers posed as tech support to hack employees at two US agencies last year, officials say

<i>Adobe Stock</i><br/>Cybercriminals hacked employees of at least two US federal civilian agencies last year as part of a
Syda Productions - stock.adobe.c
Adobe Stock
Cybercriminals hacked employees of at least two US federal civilian agencies last year as part of a "widespread" fraud campaign that sought to steal money from individuals' bank accounts

By Sean Lyngaas, CNN

Cybercriminals hacked employees of at least two US federal civilian agencies last year as part of a “widespread” fraud campaign that sought to steal money from individuals’ bank accounts, US cybersecurity officials revealed Wednesday.

In one case, the unidentified hackers posed as tech support, convinced a federal employee to call them and then instructed the federal employee to visit a malicious website, according to the advisory from the US Cybersecurity and Infrastructure Security Agency, National Security Agency and a threat-sharing center for state and local governments known as MS-ISAC.

The goal of the scam, which appears to have hit both private sector and government agencies, was to trick victims into sending the scammers money. It was unclear if that happened in the case of the federal employees.

The episodes underscore how federal officials, like others, can be duped into sharing sensitive financial information — and that they might not find out about it for weeks or months afterward.

CISA discovered the activity in October 2022, but the hackers had been sending phishing emails to federal employees’ personal and government email accounts since at least June, according to the advisory.

Forensic analysis “identified related activity” on many other federal networks in addition to the two initial agency victims, the advisory said.

While financially motivated crooks were apparently behind this campaign, the US agencies said they were concerned such hackers could sell stolen data to government-backed spies. The legitimate tech-support software used in the scam is useful for hackers looking to maintain covert, long-term access to a network, officials said.

The-CNN-Wire
™ & © 2023 Cable News Network, Inc., a Warner Bros. Discovery Company. All rights reserved.

Article Topic Follows: CNN - Politics

Jump to comments ↓

CNN Newsource

BE PART OF THE CONVERSATION

KION 46 is committed to providing a forum for civil and constructive conversation.

Please keep your comments respectful and relevant. You can review our Community Guidelines by clicking here

If you would like to share a story idea, please submit it here.

Skip to content