Friday 28th January 2022

BLOG: Cyberattacks on the United States Government

A wide variety of United States Government institutions have been previously targeted by threat actors in a range of operations. Incidents have included Magecart incidents, spear-phishing campaigns, data breaches, ransomware, and cyber-espionage operations. Threat actors have not only targeted the US Government directly but also organizations that contribute to US Government directly like, the Democratic National Committee or US critical infrastructure, like Colonial Pipeline and the US farmer cooperative NEW Cooperative.

Cyber campaigns have been undertaken by nation-state actors and cybercriminals alike, and in 2019 the US Government accounted for 5.6% of data breaches and 2.1% of exposed records[1]. Data breaches and operations targeting the US Government are primarily the responsibility of the US Department of Defense. The US Government’s budget allocated $88 billion to government IT expenditure in 2019 and the US Government allocated $18.78 billion to its cybersecurity resources. As the primarily recipient of this budget the DoD is responsible for both digital and non-digital attacks.

Prominent incidents have included:

  • June 2016 – DNC targeted by Russian threat actors APT28 and APT29
  • July 2018 – US bank suffered a loss of $2.4 million after falling foul to two identical phishing campaigns in eight months
  • January 2020 – Ryuk ransomware targets US government contractor Electronic Warfare Associates (EWA) an electronics supplier to US Department of Defense (DoD), Department of Homeland Security (DHS) and the Department of Justice (DoJ)
  • January 2020 – Iranian state-actor OilRig targets US federal workers in malicious email phishing campaign
  • January 2020 – Hactivists target US Government website and deface it with pro-Iran messages
  • March 2020 – US Department of Health and Human Services (HHS) targeted in coordinated DDoS campaign
  • June 2020 – City of Knoxville, TN shut down its IT network after falling victim to a ransomware incident
  • June 2020 – Magecart skimmer targets payment systems of eight US city governments
  • September 2021 – Blackmatter ransomware targets US farmer cooperative NEW Cooperative and demands $5.9 million in ransom
  • October 2021 – US water and waste treatment facilities targeted by three separate ransomware incidents

Overall, the US Government remains a primary target for cybercrime. With previous campaigns such as ransomware fetching an average of almost $2 million per compromise and the sheer quantity of personal and confidential data available like the 198 million records compromised in the 2015 operation that targeted the US Voter Records, it is unsurprising that they remain a prominent target. Steps should be taken to mitigate these campaigns particularly as the number of connected devices increases year on year and those connected and sharing details online also follows this trend. The US Government is not unique in the need for cybersecurity upgrades in the United States, but it should be focused on using its almost $20 billion annual cybersecurity budget to mitigate these risks, particularly as the yearly average of government and military data breaches in the United States remains in the double figures.


[1] https://www.statista.com/topics/3387/us-government-and-cyber-crime/#dossierKeyfigures

Get our latest cyber intelligence insights straight into your inbox

Fill out the short form below to subscribe to our newsletter so that you never miss out on our cyber intelligence insights and news.