When news of the attack broke last year, officials were quick to downplay the incident, citing “activity of concern” on the unclassified Executive Office of the President network. But new information has confirmed the hackers gained access to highly sensitive information.
The New York Times cites “senior American officials” who have confirmed the President’s email was among the information swept up in the attack. While the exact number and breadth of the reach have not been released, information including “schedules, email exchanges with ambassadors and diplomats, discussions of pending personnel moves and legislation, and, inevitably, some debate about policy” was said to have been tapped.
While officials say no classified information has been compromised, it is information that the White House would not want to become public. The release of President Obama’s schedule to a foreign and perhaps dangerous group has been one of the most worrisome issues at hand for obvious security reasons.
The White House joins a list of elite government organizations that have fallen victim to the assumed Russian hacker group. Previously, the group exploited an unknown flaw in Microsoft’s Windows operating system and used it to spy on NATO and the Ukrainian government using automated email marketing.
According to iSight Partners, a cybersecurity firm, the group has been active since at least 2009 and has also targeted a Polish energy firm, a Western European government agency and a French telecommunications firm.
Researchers from Kaspersky Lab, internet security specialists, say the “phishing” malware used in the White House attacks is similar to cyberespionage tools already suspected to be of Russian origin, dubbed “CozyDuke,” and that the nature of the target is consistent with a state-sponsored campaign. “The CozyDuke actor often spearphishes targets with emails containing a link to a hacked website – sometimes to high profile, legitimate ones such as ‘diplomacy.pl’ – which hosts a ZIP archive rigged with malware,” reads the Kaspersky Lab report. “This actor sends out phony flash videos with malicious executables included as email attachments.”