The alert doesn't say what damage, if any, the attacks have wrought.
Reconnaissance then? Find the weak spots and note them. If and when all hell breaks loose, use them.
The United States' Department of Homeland Security has issued an alert that warns of “advanced persistent threat (APT) actions targeting government entities and organizations in the energy, nuclear, water, aviation, and critical manufacturing sectors.” The alert says an unknown actor has been at it since May 2017 and has …
The problem is they go after "high-value targets". I.e. upper-manglement. The types that don't get fired for being idiots, and the types more likely to be idiots when it comes to IT. Which further supports my notion that while upper management can be a necessary evil, they should not have access to any actually operationally sensitive data. Accounts spreadsheets and the like is just fine, but there is no need for them to access wiring diagrams, product drawings or production data. Sort of an internal firewall around manglement if you will.
"Would it be legal to send emails to your own employees to identify these individuals and then "allow them to pursue new opportunities" before they have the chance to compromise your company?"
Actually our company DOES send out test emails, though I believe it is more for testing and educating - at least I am not aware of any more serious action being taken.
All email coming from outside our enterprise is automatically delivered with red text at the top saying "External Email" so at least it is harder for someone to spoof coming from a legitimate company employee. My thoughts are that if they fail this one "education" should only be an option the first time.
Yes, it is quite depressing that people still haven't cottoned on to the idea that a complete stranger does not send you confidential documents out of the blue.
I receive invoices and such from people I don't know. After a "yeah, sure" moment, I check the originating address to be sure and, generally, that's when the game is up. Either the domain has nothing to do with the purported origin (eg. a mail from Microsoft that is sent from a Gmail account), or worse, it supposedly came from my own domain (I am one of three users in my domain).
It doesn't take more than two brain cells to figure out that a message from SomeGuy2748 is not a professional source. There is no company on Earth that registers its employees like that, ergo no professional mail can come from such a source.
And yet people still get taken in by such stupid shenanigans.
Even more depressingly I have had genuine confidential documents from complete strangers out of the blue, not to mention documents from out of the blue that purport to be or genuinely are from people who aren't complete strangers, and I have come across companies who have user names like SomeGuy2748. I can read email headers and readily spot messages that are not what they say they are, but the average user can not.
'...spear-phished them with emails bearing subject lines such as “AGREEMENT & Confidential” containing benign attachments that “prompted the user to click on a link should a download not automatically begin.”'
And I suppose we are meant to believe that someone in a position of trust and responsibility was so incredibly dumb and irresponsible as to fall for those?
Even people who are "smart, critical and sharp witted" can fall for phishing emails. A good example is the "I'm stuck in another country and have lost my wallet, phone, etc please send me money to get home" email from a friend's address. I know one very intelligent CEO who would have fallen for that if he hadn't mentioned it to me first. Non-IT people have never heard of these standard phishing scams so the messages look legit to them.
Although the attacks described were most likely nothing to do with any state actors, the US government would have no right to complain - or to be surprised - if they were mounted by such actors.
For years the US government has been making rousing speeches about "the threat from China", "the threat from Russia", the threat from Iran", and recently even - hilariously - "the threat from Venezuela". It has also proceeded to talk about how it is budgeting generous funds to hire and train specialists whose job it is to attack other nations' infrastructure should they be deemed to have stepped out of line.
It wouldn't be amazing if some of them thought, "we might as well just do what we are being blamed for anyway - and get ready for the balloon to go up if and when it does".
Reminds me of the wonderful scene in "The Life and Times of Judge Roy Bean" where this big ugly gunfighter challenges Bean (Paul Newman) to a duel. Right on time, the black hat shows up in front of the courthouse steps, calling the odds and shouting for Bean to come out and fight. Then the take switches to a warehouse window about fifty yards behind the black hat, where Bean lies comfortably prone on a bed of straw with his rifle aimed squarely at the middle of the black hat's back...
As Sun Tzu puts it, "Victorious warriors win first and then go to war, while defeated warriors go to war first and then seek to win".
If you are targeted with a smart spear phishing email/document which purports to be able to lead and provide one with outstanding new goodies which one would certainly be interested in testing/enjoying, is a greater danger realised whenever the products alluded to are readily available and will be delivered elsewhere to competitors and/or opponents if one does not choose to investigate further?
One is then extraordinarily rendered in an instant, a follower rather than leader of outstanding new developments.
So just like STUXNET then?
"initiating downloads of documents using Server Message Block."
Another feature of the NSA toolkit that works beyond Windows XP?
Looks like recon to work out what H/W they should focus developing malware for (if they don't have any in stock). Unless of course they are planning actual physical entry.
It seems someone is using the US cyber warefare play book against them.
For some reason I keep hearing the voice of Alan Rickman in my head saying "You ask for a miracle. I give you the FBI."
I'm not sure why. :-(