Attackers intruded on unclassified White House computer networks in recent weeks, unidentified White House officials told the Washington Post.

The newspaper’s sources said that no damage has been detected, and the classified network apparently wasn’t attacked.

One White House official told the paper that users have had to deal with temporarily disrupted services:

In the course of assessing recent threats, we identified activity of concern on the unclassified Executive Office of the President network. We took immediate measures to evaluate and mitigate the activity. . . . Unfortunately, some of that resulted in the disruption of regular services to users. But people were on it and are dealing with it.

Fingers are pointing at Russia, given circumstantial evidence, including recent reports of cyber-espionage campaigns launched by Russian operatives thought to be working for the government.

One such was Sandworm: a zero-day exploit that was transmitted via Powerpoint files and that took advantage of a previously unpatched Windows vulnerability.

Sources told the Washington Post that the nature of the target – i.e., a government network – is consistent with a state-sponsored campaign.

The breach was discovered 2-3 weeks ago.

Mitigation included staffers having to change their passwords and intranet or VPN access being temporarily shut off.

Sources told the paper that the email system, apart from some minor delays, didn’t go down.

The attack is hardly surprising. In fact, it’s par for the course, a source told the paper:

On a regular basis, there are bad actors out there who are attempting to achieve intrusions into our system. This is a constant battle for the government and our sensitive government computer systems, so it’s always a concern for us that individuals are trying to compromise systems and get access to our networks.

Via: nakedsecurity