It was announced this week that the U.S. State Department was forced to shut down its unclassified email system to evaluate damage from a potential data breach. According to the Associated Press, the email system was shut down to make repairs and upgrade security after suspicious activity was recently detected on the system.
While service was only disconnected this week, abnormal activity was identified on the email system back in late October. None of the classified email systems belonging to the State Department appear to have been compromised in the potential intrusion, according to a senior official with the department. The agency has said it expects email service to be restored in the near future.
The State Department has yet to name suspects in what is now the fourth security incident involving a government agency in the past few months. According to New York Times contributor Nicole Perlroth, security experts have suggested that hackers are using the recent breaches to probe agency networks and discover what types of data are stored in each system. In an interview with the AP, an agency official said the most recent breach was related to a similar incident that recently affected the White House’s Executive Office of the President.
While the White House breach was believed to be the work of Russian hackers, and similar intrusions into the U.S. Postal Service’s email systems and the National Oceanic and Atmospheric Administration were attributed to Chinese actors, it remains unknown who may have been behind the possible State Department hack. As Perlroth noted, it can be hard to accurately identify which group or nation-state cybercriminals belong to, as attackers are typically routed through compromised Web servers in multiple countries.