In a proactive move, the Department of Homeland Security’s U.S. Computer Emergency Readiness Team sent out warnings across the government about the Pentagon email attack just days after it was discovered:
A threat analyst who helped establish US-CERT criticized the alert’s paucity of information on what infected computer systems look like.
DHS would not comment on whether there is any relationship between the advisory for federal offices and private companies and the apparent military data breach. A DHS spokesman said Friday he had no comment regarding the Joint Staff incident, in general.
FBI officials, as of Friday late afternoon, had no information to offer about the Joint Staff situation.
The warning said some of the spearphishing emails are tailored to copy sensitive government and business information. Others can roil an organization’s entire network.
“US-CERT is aware of three phishing campaigns targeting U.S. government agencies and private organizations across multiple sectors,” DHS officials said in the notice, which posted Aug. 1. “Most of the websites involved are legitimate corporate or organizational sites that were compromised” by the attackers.
Over the past two months, there have been reports of “multiple, ongoing and likely evolving” attacks that unfold when an employee clicks a link to a website in the email, according to US-CERT.
Why did it take days after the attack discovery for DHS CERT to warn US government agencies? I expect hours at the most, not days.