The Virginia Department of Environmental Quality’s website was reportedly targeted by hackers who managed to exploit a system vulnerability. The attackers allegedly gained access to the site due to a vulnerability in the software of the website’s content management system.
The incident was reportedly discovered on May 22. The website was down for two weeks after the attack but has since been restored, the Department of Environmental Quality spokesperson Ann Regn reportedly said.
“A malicious party got into the system; however, the intruder was detected early by VITA and blocked, preventing significant changes,” Marcella Williamson, a spokesperson for the Virginia Information Technologies Agency, told the Richmond Times-Dispatch. VITA reportedly oversees the state government’s cybersecurity.
According to Williamson, the attack was “detected and contained quickly”. The agency also reportedly has not detected any further intrusions at any other state department.
“The attacker was initially targeting the systems hosting the website and, it appears, further into other IT systems. Since this incident was discovered prior to compromising any additional IT, we can’t be sure of the ultimate goal,” Williamson told the Richmond Times-Dispatch.
The state government has failed to pinpoint either the identity or the motive of the hacker. However, this is not the first time that a US government department has been affected by major cyberattacks.
In a recent ransomware attack that crippled the city of Atlanta, the police department lost years of dashcam footage, including potentially critical evidence. Earlier this month, Chinese hackers stole around 600GB of classified submarine warfare data from a US Navy contractor.
US government agencies are not the only ones targeted by such attacks. A new North Korean malware dubbed NavRAT targeted various private and government organizations in South Korea.
These incidents suggest that government agencies and private organizations across the globe need to beef up their security to stay safe from cyberattacks.