The Broadcasting Board of Governors endured “drive-by” malware in 2015 that may have been linked to “a malicious Russian advertising site,” an internal memo shows.
Drive-by malware is common. Merely visiting a malicious site – mail-order bride from Russia, anyone? – can infect your computer.
The May 20, 2015, memo stated:
The Agency received no notifications from the United States Computer Emergency Response Team (US-CERT) of any suspicious activity being directed towards or emanating from the Agency’s computing infrastructure. However, four workstations were detected communicating with command and control centers through a malware infection. These infections may have been a result of drive-by infections due to visiting sites serviced by a malicious Russian advertising site. All systems were remediated. Forensic scanning tools identified five additional workstations having indicators of compromise (IOCs). The workstations were also remediated.
The former BBG is now called the U.S. Agency for Global Media. It is an independent government agency and oversees the Office of Cuba Broadcasting.
André Mendes, then chief information officer for the BBG, told the Federal News Network:
When I first came on board in 2009, every single server in this agency was controlled by the Chinese cyber army and they could have literally dropped this agency with one key stroke. Fortunately they chose never to do so, but at the same time we knew they were exfiltrating literally gigabyte upon gigabyte of information every day. Because we transmit into China, into Iran, into Vietnam, into Russia, into Chechnya and into North Korea, we are constantly being pounded by these individuals. So for us, cybersecurity is absolutely one of our top priorities because we can’t afford to fail in that endeavor. We have far too many, far too sophisticated people that are really trying to get into our data centers and wreak havoc with our operations.