Another warning is issued by the FBI detailing that foreign agents have free reign within multiple Federal government systems. APT6 still continues to operate unfettered throughout the Federal government information systems, providing them with countless points of spear phishing attacks to get into other systems. So for instance if a trusted .GOV website was taken over, the hackers could use that domain to send emails (with malicious software) to other Federal employees. The victim would see that the email was from another .GOV email address thereby trusting the email’s authenticity and would be more likely to run the attached malicious software. In the commercial world, most of these attacks would be easily mitigated, however given the countless alerts by the FBI so far, it seems that public government websites have been operating with fairly light security oversight.
“For Adams, this alert shows that the US government still is not in control of what’s going on inside its most sensitive networks. This alert, he said, is an admission of that.”
