State investigating cyberintrusion

The State Department is investigating an intruder breaking into unclassified department IT systems, starting with embassies and offices in the East Asia/Pacific region and migrating to department headquarters.

State cybersecurity personnel took immediate steps when they detected the intrusion, and initial findings show that they prevented any loss of sensitive U.S. government information, a State spokesman said. When first detected, the intruder was at a location containing a small amount of data.

'This was a textbook example of how you protect, monitor, detect and immediately address challenges to the integrity of the computer system in terms of cybersecurity,' State spokesman Sean McCormick told reporters today at a briefing.

He tried to downplay the importance of the intrusion by noting that all public and private organizations must be vigilant against cyberintrusions every day. McCormick would not give a timeline of the event or State's response, saying he did not want to tip off hackers to department methodology.

'You have to assume that people are trying to [get] into your systems every day,' he said.

In response, State has taken administrative steps, which he would not disclose, and also changed the passwords for some personnel. A forensic examination is ongoing to determine what happened and learn from it. No gaps were found in cybersecurity policies, and no changes will result from the incident, he said.

The cyberintrusions were first detected at some U.S. embassies and offices in the East Asian and Pacific region, he said. Those offices work on issues relating to China and North Korea. As part of the interagency task force that cooperates on cybersecurity, State notified the appropriate agencies, including the FBI.

About the Author

Mary Mosquera is a reporter for Federal Computer Week.

