US officials and cybersecurity experts investigating the major Treasury and FireEye hacks believe the cyberattacks were ultimately discovered because of a mistake the hackers made while moving through a compromised network, the CNN website reported.
Investigators have still not confirmed the attackers' motives and are currently trying to determine the full scale of the attack, as well as to identify those responsible for the malicious campaign, which affected a number of government agencies and dozens of private companies. The intrusion was first spotted by cybersecurity firm FireEye after its own network was breached.
FireEye became aware of the hackers' presence when they tried to advance within the company’s network. Presumably, the hackers intended to gain access to confidential data other than email addresses or business documents. It remains unclear whether the attack was detected because of an error by the attackers or because they took a “calculated risk”, sources said.
FireEye representatives said that during the hack, the hackers used employee credentials to register their device in the FireEye multi-factor authentication system and gain access to unique codes. Information security experts warn that hackers have used several entry points to break into networks, some of which have not yet been identified.
While the scope of the hacking campaign remains unclear, the affected government authorities said that to date, there is no evidence that classified data has been compromised.