By exploiting vulnerable Adobe software, hackers were able to gain the access they needed to steal sensitive data from government computers, reports revealed.
Reuters, which obtained an FBI memo warning of the attacks and linking the incidents to hacktivist group Anonymous, published the details in a Friday article.
According to the outlet, attackers that leveraged the Adobe vulnerability were able to “launch a rash of electronic break-ins” that started last December – which were facilitated with backdoors planted on government machines.
The Department of Energy (DOE), the Department of Health and Human Services, and the U.S. Army were among the breached agencies, Reuters reported.
Several factors – such as the attack method used, the victims of the campaign, and the timing of the incidents – appear to coincide with exploits described in an ongoing case against a British man, who was arrested late last month.
In October, Lauri Love, 28, was charged for his involvement in breaching thousands of computers in and outside of the United States, between October 2012 and October 2013; specifically, those belonging to the U.S. Army and other government agencies.
Love allegedly exploited vulnerabilities in Adobe ColdFusion and carried out SQL injection attacks to hack government databases with unnamed co-conspirators in Australia and Sweden. The group is also suspected of planting malware on their targets' systems so they could maintain backdoor access to compromised networks, court documents said.
On Monday, SCMagazine.com reached out to an FBI spokeswoman, who declined to comment on the publicized memo and suspected connection between Love and Anonymous.
According to reports, an Adobe ColdFusion flaw was also used to leverage attacks in the newly revealed campaign being linked to Anonymous.
With their access, attackers were able to steal the personal information of more than 100,000 DOE employees, contractors, family members and others associated with the agency, as well as data on nearly 2,000 bank accounts, Reuters said.
The outlet obtained an internal email from a high-ranking energy official, Kevin Knobloch, chief of staff to Energy Secretary Ernest Moniz, which said on Oct. 11 that the stolen financial data had officials “very concerned” about the potential of fraud.