U.S. Treasury thwarted attack by Russian hacker group last month-official
By David Lawder
WASHINGTON (Reuters) – The U.S. Treasury last month repelled cyber attacks by a pro-Russian hacker group, preventing disruption and confirming the effectiveness of the department’s stronger approach to financial system cybersecurity, a U.S. Treasury official said on Tuesday.
The Treasury has attributed the distributed denial of service (DDoS) attacks to Killnet, the Russian hacker group that claimed responsibility for disrupting the websites of several U.S. states and airports in October, said Todd Conklin, cybersecurity counselor to Deputy Treasury Secretary Wally Adeyemo.
The incident, not previously reported, occurred a couple of days before similar attacks from Killnet on U.S. financial services firms, Conklin told a financial services industry and regulator conference on cybersecurity.
Killnet claimed on Oct. 11 that it had attacked JPMorgan Chase & Co’s network infrastructure, but the bank reported no impact on its operations.
Conklin described the attack on the Treasury as “pretty low-level DDoS activity targeting Treasury’s critical infrastructure nodes.”
In line with new procedures adopted under the Biden administration, he said the Treasury quickly shared internet protocol (IP) addresses used in the attack with financial services firms. This confirmed that the Treasury’s new approach to share more tactical information about cyber threats was effective.
Adeyemo told the conference the incident was a “stark reminder” that Treasury and financial services firms face the same threats, especially since Russia launched its war on Ukraine in February.
“Before and over the course of this unconscionable invasion, we have remained in close contact with many of you to provide critical updates, flag potential risks, and ensure we are giving you what you need to keep your systems secure,” Adeyemo told the regulator-led Financial and Banking Information Infrastructure Committee (FBIIC) and the industry-led Financial Services Sector Coordinating Council (FSSCC).
Adeyemo called for the two groups, launched 20 years ago after the 9/11 attacks, to deepen their cooperation to drive cloud and data protection workstreams and focus on new systemic risk issues.
(Reporting by David Lawder, editing by Deepa Babington and David Gregorio)