In July, a hacker invaded the email accounts of the Virginia Military Department and the Virginia Defense Force, told a representative from the Virginia National Guard.
The attack "impacted" the e-mail reports of the Virginia Department of Military Assistance as well as the Virginia Department of Defense, but still, no proof of violations has been identified. Joint investigation with the State and Federal cyber security and law enforcement officials have made all these revelations.
The Virginia National Guard's Chief of Public Affairs, A. A. Puryear, stated that the organization was alerted in July of potential cyber threats to the Virginia Defense Force and started investigating instantly in synchronization with state and federal cyber security officials and law enforcement to ascertain what all was affected by the severe cyber-attack.
The National Guard of Virginia comprises the Virginia Army National Guard and the Virginia Air National Guard. It's a component of the Virginia government, the federal state has largely financed the Virginia National Guard throughout the United States. The National Guard is the only military organization authorized by the United States to operate as a state. The Virginia Defense Force is the Virginia National Guard's all-voluntary reserve and "serves as a force multiplier" in all domestic activities of the National Guard.
"The investigation determined the threat impacted VDF and Virginia Department of Military Affairs email accounts maintained by a contracted third party, and there are no indications either VDF or DMA internal IT infrastructure or data servers were breached or had data taken," Puryear said.
"There are no impacts on the Virginia Army National Guard or Virginia Air National Guard IT infrastructure. The investigation is ongoing with continued coordination with state and federal partners to determine the full impact of the threat and what appropriate follow-up actions should be taken."
However, on the 20th of August, a treasure dataset obtained from the Virginia military department was published on Marketo - marketplace for stolen information. They argued to have 1GB of data that was available for sale.
Findings have suggested that although administrators of Marketo are not sellers, certain data on their website is believed to have been collected and advertised which compelled victims to pay ransom during ransomware attacks.
Earlier Marketo used to be in the headlines for selling the Japanese tech firm Fujitsu's data. Digital Shadows published in July an article about this group that was established in April 2021 and frequently publishes its stolen information on Twitter via an account. The organization has often argued that it was an "informational marketplace" and not a ransomware group.
"They have taken the same route that Babuk did and are all 'data leaks.' To the best of our knowledge, they don't claim to steal the data themselves and instead, they offer a public outlet to groups who do, whether they are ransomware or not," Allan Liska, member of the computer security incident response team at Recorded Future said.
Threat analyst and ransomware specialist, Brett Callow from Emsisoft stated that it is still not obvious exactly how Marketo obtains the data they sell, and also that their responsibilities for hacking or simply act as commission-based brokers aren't really clear. He said that certain victims on Marketo's leak site have lately been affected by attacks from ransomware, such as the X-Fab attack that the Maze ransomware attack in July 2020 and the Nefiliim ransomware attacks of Luxottica in September.
"That said, at least some of the data the gang has attempted to sell may be linked to ransomware attacks, some of which date back to last year. Leaked emails can represent a real security risk, not only to the organization from which they were stolen but also to its customers and business partners," Callow said.
Recently, the group has identified hundreds of institutions, including the US Defense Department, and normally leaks a new one weekly and mostly sells data from companies in the US and Europe.