The Pentagon’s Joint Staff email remains down amid the exploitation of a new and different vulnerability the DoD has never seen before (emphasis added):
For more than 10 days, some 4,000 users on the Defense Department network have been without their email while military cyber experts have tried to scrub and rebuild the network. Spear phishing attacks are emails to employees that dupe them into giving up their network credentials.
Military cyber experts have concluded the attackers were specifically targeting the Joint Staff, hoping to learn what they could from the unclassified email network. The Joint Staff are the military and civilian personnel who serve the Chairman of the Joint Chiefs on issues ranging from budgeting to military operations.
No classified networks were penetrated, officials said. The attack has the hallmark of one by a foreign government, but they still are not certain, officials said.
The spear phishing attack, however, successfully penetrated the unclassified email at multiple points, the senior official said.
All of the required cyber protection and patches were in place, but the attack still was able to find a way into the network that the U.S. government had not seen before, according to the preliminary analysis, the official said.
I wonder what novel exploitation was used to allow the malicious actors to gain access to a DoD network. What is even more curious to me is how come the host-based security system was unable to prevent the attack?