According to a Fox News report, the U.S. State Department was the victim of a serious hacker attack in recent weeks. It is currently not known what the extent of the breach was or when it was discovered.
According to an unnamed source, the outlet reported that notifications had been issued by the Department of Defense Cyber Command about a possible serious breach. Fox reported that State Department operations were not affected by the attack. However, it is unclear if the attacks affected the Department of Defenses Cyber Command, which oversees the evacuation of thousands of Americans from Kabul, Afghanistan, following the withdrawal of U.S forces.
At this point, the identity of the alleged perpetrators remains unknown. Fox News reported that the State Department had not confirmed or denied the purported attack.
A spokesperson for the department said that the Department takes its responsibility to protect its information seriously and is constantly taking steps to ensure it is protected. We are not able to discuss the scope or nature of any alleged cybersecurity incidents for security reasons.
Reuters said that a source knowledgeable about the department confirmed that there have been no significant disruptions to its operations and no hiccups. The incident was not confirmed by Reuters.
Fox News noted that the disclosure of a possible cyberattack occurred at the same time as the Senates Committee on Homeland Security and Government Affairs published its federal cybersecurity report.
The report revealed that 60% of sample employees who had access to the classified network could not be provided documentation by the agency. The State Department also kept thousands of employee accounts open even after employees had left the agency for long periods of time. In some cases, this was as much as 152 days after employees retired, quit, or were fired from its classified and unclassified network.
The report said that hackers or former employees could use these credentials to gain access State sensitive and classified information while pretending to be authorized users.
Analysis of State Departments systems revealed that the agency did not address vulnerabilities. Ten systems had 450 vulnerabilities that were considered critical and 736 with high risk.
Overall, cybersecurity practices at the State Departments received a D rating. This is one of the lowest ratings.