The D.C. city government was the target of a hacking attempt from overseas earlier this week, said local officials who have referred the matter to federal authorities for investigation.
City employees received strange emails on Tuesday that attempted to lure them into revealing their passwords and other sensitive information. Officials say they aren’t aware of any information that was compromised as a result of the phishing attacks, and said they “successfully defended” against the attack.
“The District of Columbia government received multiple and perhaps coordinated email phishing attacks from overseas and domestic sources on Tuesday, July 24,” said Barney Krucoff, the city’s interim chief technology officer, in a statement to The Washington Post.
“The DC Office of the Chief Technology Officer (OCTO) took multiple actions to mitigate the attacks including reporting the events to federal authorities for investigation and potential prosecution.”
It wasn’t clear who generated the emails, which were sent across the D.C. government to 30,000 employees.
Phishing, or a broad attempt to trick someone into revealing sensitive information, is a common hacker technique.
Russia is suspected of deploying it as part of its interference in the 2016 presidential race. Hillary Clinton’s campaign chairman John Podesta received a phishing email, leading to the leak of his emails throughout the campaign. Earlier this month, a dozen Russian military intelligence officers were indicted on charges connected to the hack of Democrats in 2016.
Hackers with the Russian military intelligence agency also targeted three candidates running in the November midterm elections, Microsoft executive Tom Burt said at the Aspen Security Forum in Colorado last week. U.S. Sen. Claire McCaskill (D-Mo.) said this week she was one of those targets.
“Phishing attempts like this one are common attacks most government agencies experience, and being in Washington, D.C. we are particularly susceptible,” Krucoff wrote in a Thursday email to District employees.
He said the District can block links and senders of verified phising attempts for phones, computers and tablets connected to the government’s secure network, but not for devices connected to home or public networks.
“The frequency and sophistication of phishing attacks will continue to increase,” Krucoff wrote. “District employees should exercise caution.”