The United States government was hit by ransomware attacks during the past two years, including once by a joint operation with Israel, Gen. John Hyten, head of U.S. Strategic Command, acknowledged in a rare interview.
The US and Israel hacked into a ransomware group operating across the Middle East and successfully evaded attack from the group, Stuxnet. Cyber experts have widely speculated over the last few years as to who was behind the Stuxnet virus and what it might have been used for. Most think it was used to disable centrifuges and some type of nuclear plant in Iran, but some suspect that it could have been used to target modern missile technology in North Korea.
Stuxnet and the Flame and WannaCry viruses were security attacks that appeared to be aimed at limiting cyberwarfare in the Middle East or in Western militaries. It took two years to recover from all the malware used to compromise data or shut down machines at power plants, oil refineries, media firms and factories and recovered from many of them.
According to a USA Today interview with Hyten, the threat of this kind of attack is “common” and states “are stockpiling” such malware. “We had an instance two years ago of an attack that we believe originated in North Korea and was ransomware in nature that shut down power plants,” Hyten told USA Today.
In response to questions about such attacks, Hyten said that after the US and Israel broke into the group and infiltrated its computers to seek out the group's command and control servers, they were able to monitor and cut off the group’s operations. One part of the group was believed to be active in Lebanon and Syria, while the other part was believed to be based in Russia.
Hyten declined to describe the malware that the US and Israel used; however, they have previously described the Stuxnet malware as complex and difficult to defend against. In 2015, U.S. Department of Justice lawyers testified that Stuxnet targeted “straw purchasing” computers so that U.S. companies could produce generic viruses.
The claims from US officials may suggest that they are launching more cyberattacks against governments overseas, and particularly against the military in those states, which is possible given their apparent success in penetrating Russian-backed Internet services, like Yandex in Ukraine.
If that is the case, it could suggest that the US wants to gain a better understanding of how often state cyberattacks may be going on, and that means it is likely that more states are planning to launch an attack against the US that is designed to cause damage.
It is not known if Hyten also discussed Stuxnet on the defensive side of the fight, but it is likely that other cyber offensive operations were also discussed during the interview.