Hackers breached several local government offices in Louisiana in recent weeks, prompting state officials to enlist the National Guard to stem the attacks, a security researcher familiar with the incidents said Friday.
The intrusions come in the run-up to an election in which Russian hackers are known to be probing state and local government networks.
There were no indications that the Louisiana attacks were part of an effort to compromise election systems, the researcher said. Officials are increasingly worried, however, about hackers testing states’ defenses ahead of possible disinformation or sabotage efforts closer to the election.
Whodunnit: The Louisiana cyberattacks involved a remote access trojan, or RAT, the kind of malware often used to lay the groundwork for additional breaches. The hacking tool, called “KimJongRat,” has been linked to the North Korean regime in the past, said the security researcher, who requested anonymity to discuss a private investigation.
But according to the researcher, the malware’s code is freely available online on sites like GitHub, complicating a clear attribution to Pyongyang or anyone else.
Identifying the attackers will be a major priority for federal authorities. Cyber criminals have increasingly targeted local governments with ransomware in the hope of extracting massive payments to unlock vital municipal systems. Officials and private-sector experts are trying to determine whether any of these criminals are working with, or taking orders from, foreign adversaries such as Russia, China, Iran or North Korea.
Limited spread: The Louisiana National Guard was able to stop the spread of the infection before it escaped beyond a few government offices in the northern part of the state, according to Reuters, which first reported the attacks.
The hackers’ goal was likely to deploy ransomware, Reuters said, citing a person familiar with the matter.
Spokespeople for Louisiana’s chief information officer and the Louisiana State Police did not respond to requests for comment. A Louisiana National Guard spokesperson declined to comment.
Elsewhere: Washington state also recently experienced a cyberattack that compromised several government offices with malware often used to deploy ransomware, according to Reuters. Last month, Bloomberg reported on “a sprawling, multifaceted” attack there.