The hacking group that targeted unclassified email systems at the U.S. Department of State and the White House is believed to have also compromised a network used by the Joint Chiefs of Staff, a body of senior U.S. military leaders.
The email system used by the group was compromised in the last week of July, according to reports by NBC News and the Daily Beast. NBC said it affected around 4,000 staff who work at the Joint Chiefs of Staff.
Targets were said to have been sent spear phishing emails—customized messages that likely appeared to come from trusted contacts with embedded links to documents or other content. When clicked, those links would have resulted in the download of malware that compromised their computers.
The Joint Chiefs of Staff has not said anything publically about the breach, but news reports said investigators believe it to be the work of a Russian hacker group. The same group got inside the State Department’s unclassified system last year and also accessed parts of the White House network, gaining access to some correspondence sent and received by President Obama.
Within the U.S. government, classified material is carried on networks physically separate from the Internet and there is no suggestion that these were compromised. Still, access to an unclassified network could still allow attackers to gain access to material that is sensitive.
Last week, the Daily Beast reported that the Department of Defense had warned at least five Department of Defense computer users had been targeted by hackers in recent weeks.
The email apparently came from the National Endowment for Democracy and contained a link to a compromised server on its network where the malware was hosted.