British Columbia Cyberattack: State Actor Made 3 Attempts To Breach Govt Networks

The government had prior knowledge of the breach for nearly a month before making it public

by Mihir Bagwe, May 10, 2024, in Cybersecurity News, Threat Actors

A state or state-sponsored actor orchestrated the “sophisticated” cyberattacks against the B.C. government networks, the head of B.C.'s public service revealed on Friday.

Shannon Salter, deputy minister to the premier, disclosed to the press that the threat actor made three separate attempts over the past month to breach government systems, and that the government was aware of the breach at the time, before finally making it public on May 8.

Premier David Eby first announced that multiple cybersecurity incidents were observed on government networks on Wednesday, adding that the Canadian Centre for Cyber Security (CCCS) and other agencies were involved in the investigation.

Salter, in her Friday technical briefing, refrained from confirming whether the hack was related to last month's security breach of Microsoft's systems, which was attributed to Russian state-backed hackers and resulted in the disclosure of email correspondence between U.S. government agencies.

However, she reiterated Eby's comments that there's no evidence suggesting sensitive personal information was compromised.

British Columbia Cyberattacks' Timeline

The B.C. government first detected a potential cyberattack on April 10. Government security experts initiated an investigation and confirmed the cyberattack on April 11.

The incident was then reported to the Canadian Centre for Cyber Security, a federal agency, which engaged Microsoft's Diagnostics and Recovery Toolset (DaRT) due to the sophistication of the attack, according to Salter.

Premier David Eby was briefed about the cyberattack on April 17.

On April 29, government cybersecurity experts discovered evidence of another hacking attempt by the same “threat actor,” Salter said.

The same day, provincial employees were instructed to immediately change their passwords to new ones 14 characters long. B.C.'s Office of the Chief Information Officer (OCIO) described it as part of the government's routine security updates.

Considering the ongoing nature of the investigation, the OCIO did not confirm if the password reset was actually linked to the government cyberattack but said, “Our office has been in contact with government about these incidents, and that they have committed to keeping us informed as more information and analysis becomes available.”

Another cyberattack was identified on May 6, with Salter saying the same threat actor was responsible for all three incidents.

The cyberattacks were not disclosed to the public until late Wednesday evening, when people were busy watching an ice hockey game, prompting accusations from B.C. United MLAs that the government was attempting to conceal the attack.

“How much sensitive personal information was compromised, and why did the premier wait eight days to issue a discreet statement during a Canucks game to disclose this very serious breach to British Columbians?” Opposition MLA Todd Stone asked.

Salter clarified that the cybersecurity centre advised against public disclosure to prevent other hackers from exploiting vulnerabilities in government networks. She revealed three separate cybersecurity incidents, all involving efforts by the hackers to conceal their activities.

Following a briefing of the B.C. NDP cabinet on May 8, the cyber centre concurred that the public could be notified.

Salter said that over 40 terabytes of data was being analyzed, but she did not specify if the hackers targeted specific areas of government records such as health data, auto insurance or social services.

The province stores the personal data of millions of British Columbians, including social insurance numbers, addresses and phone numbers.

Public Safety Minister and Solicitor General Mike Farnworth told reporters Friday that no ransom demands were received, making the motivation behind the multiple cyberattacks unclear.

Farnworth said that the CCCS believes a state-sponsored actor is behind the attack based on the sophistication of the attempted breaches.

“Being able to do what we are seeing, and covering up their tracks, is the hallmarks of a or a state-sponsored actor.” – Farnworth

Government sources told CTV News that various government ministries and agencies, and their respective websites, networks and servers, face approximately 1.5 billion “unauthorized access” or hacking attempts daily. The number has increased over the last few years and is the reason why the province budgets millions of dollars per year for cybersecurity.

Salter confirmed the government spends more than $25 million a year to fortify its defenses and added that previous investments in B.C.'s cybersecurity infrastructure helped detect the multiple attacks last month.

Microsoft last month alerted several U.S. federal agencies that Russia-backed hackers might have pilfered emails sent by the company to those agencies, including sensitive information like usernames and passwords. However, Salter did not confirm if Russian-backed hackers are associated with the B.C. security breach.
