The US Treasury last month repelled cyber attacks by a pro-Russian hacker group, preventing disruption and confirming the effectiveness of the department’s stronger approach to financial system cybersecurity, a US Treasury official said.
The Treasury has attributed the distributed denial of service (DDoS) attacks to Killnet, the Russian hacker group that claimed responsibility for disrupting the websites of several US states and airports in October, said Todd Conklin, cybersecurity counselor to Deputy Treasury Secretary Wally Adeyemo.
The incident, not previously reported, occurred a couple of days before similar attacks from Killnet on US financial services firms, Conklin told a financial services industry and regulator conference on cybersecurity.
Killnet claimed on Oct. 11 that it had attacked JPMorgan Chase & Co’s network infrastructure, but the bank reported no impact on its operations.
Conklin described the attack on the Treasury as “pretty low-level DDoS activity targeting Treasury’s critical infrastructure nodes.”
In line with new procedures adopted under the Biden administration, he said the Treasury quickly shared internet protocol (IP) addresses used in the attack with financial services firms.
“It confirmed that we’re on the right track with how we’re trying to actually share tactical information with the sector in real time with the mind that we are interconnected and face the same threat actors,” Conklin said, adding that this information includes downgraded intelligence and details on adversaries.
The changes emanated from a shift in Treasury’s cyber threat posture after Adeyemo and Treasury Secretary Janet Yellen took office. Adeyemo created the cybersecurity counselor position, elevating Conklin to a department-wide coordinating role. Conklin joined Treasury during former President Donald Trump’s administration.
Adeyemo also told the conference that the incident was a “stark reminder” that Treasury and financial services firms face the same threats, especially since Russia launched its war on Ukraine in February.
“Before and over the course of this unconscionable invasion, we have remained in close contact with many of you to provide critical updates, flag potential risks, and ensure we are giving you what you need to keep your systems secure,” Adeyemo told the regulator-led Financial and Banking Information Infrastructure Committee (FBIIC) and the industry-led Financial Services Sector Coordinating Council (FSSCC).
Adeyemo called for the two groups, launched 20 years ago after the 9/11 attacks, to deepen their cooperation to drive cloud and data protection workstreams and focus on new systemic risk issues.