Cybercriminals hacked employees of at least two US federal civilian agencies last year as part of a “widespread” fraud campaign that sought to steal money from individuals’ bank accounts, US cybersecurity officials revealed Wednesday.
In one case, the unidentified hackers posed as tech support, convinced a federal employee to call them and then instructed the federal employee to visit a malicious website, according to the advisory from the US Cybersecurity and Infrastructure Security Agency, National Security Agency and a threat-sharing center for state and local governments known as MS-ISAC.
The goal of the scam, which appears to have hit both the private sector and government agencies, was to trick victims into sending the scammers money. It was unclear if that happened in the case of the federal employees.
The episodes underscore how federal officials, like others, can be duped into sharing sensitive financial information – and that they might not find out about it for weeks or months afterward.
CISA discovered the activity in October 2022, but the hackers had been sending phishing emails to federal employees’ personal and government email accounts since at least June, according to the advisory.
Forensic analysis “identified related activity” on many other federal networks in addition to the two initial agency victims, the advisory said.
While financially motivated crooks were apparently behind this campaign, the US agencies said they were concerned such hackers could sell stolen data to government-backed spies. The legitimate tech-support software used in the scam is useful for hackers looking to maintain covert, long-term access to a network, officials said.