A large campaign launched by a single hacking group has managed to infiltrate multiple agencies within the Washington state government, according to reports. Ransomware does not appear to be involved, officials say.
The state of Washington is in the midst of battling a large phishing campaign, one that appears to have affected multiple state agencies.
In an attack Bloomberg News referred to as both "sprawling" and "sophisticated," a hacker group apparently deployed various forms of malware via phishing messages disguised as "legitimate email from state agencies, financial institutions and other people and organizations."
Clarifying the nature of the attack, Mike Faulk with Gov. Jay Inslee's Office said that the state had been "experiencing large volumes of phishing emails." Most of these attacks have begun "with phishing campaigns that try to trick you into downloading malware or provide account credentials."
That malware — which has apparently included notorious strains like Trickbot and Emotet but not ransomware — has infected numerous agencies. Some agencies have been more affected than others, Inslee said during a press conference last week.
Inslee added that his administration has activated the state's Emergency Operations Center, responsible for coordinating with state, local, federal and private stakeholders to effectively respond to public emergencies. While state services do not seem to be meaningfully impaired by the attack, it may be necessary to take "certain applications offline temporarily for necessary maintenance," according to Washington Technology Solutions (WaTech), the state's IT agency.
"At the moment, the report we have is that it has not compromised state services," Inslee said Thursday. "But we intend to be very alert and aggressive to defend ourselves. We are standing up our emergency operations center so that we can use the full emergency resources and power [of the state] against this nefarious attack."
With the attack occurring so close to the upcoming U.S. presidential election, it seems a natural concern that the campaign may have been aimed at disabling electoral processes, but officials say election systems remain unaffected.
"There has been no indication of compromise at the Office of the Secretary of State and its elections systems, and the voter registration and information portal VoteWA.gov remains secure and available for the public to safely use," said Kylee Zabel, with the Secretary of State's Office, in an email. "We have no reason at this time to believe the threat is targeted at elections."
Officials shot down the idea that the attack was specifically targeted at Washington's government.
"In terms of scope, many public and private organizations across the country have been experiencing similar phishing campaigns," said Andrew Garber, communications program manager at WaTech.
Editor's note: Andrew Garber's title has been corrected.
Never miss a story with the daily Govtech Today Newsletter.