Defense Contract Management Agency Investigating Possible Cyber Breach

By Eric Noonan • February 10, 2015

In the latest cybersecurity breach, the Defense Contract Management Agency (DCMA), responsible for administrating contracts on behalf of the Department of Defense (DoD), has taken several of its servers offline in response to a potential cybersecurity incident.  According to Krebsonsecurity, a Cyber Protection strike team from the DoD is now working closely with the DCMA to elevate its security posture following the incident.

“So far, no DCMA, DoD or Defense Industrial Base data nor any personal identification information has been breached (…) DCMA’s website has been intentionally taken offline while the team investigates the activity,” the spokesperson says. “All other network operations have proceeded as normal (…)”

David Wray, DCMA Spokesman

The two-week-long “Corrective Action” message found on the home page of the DMCA.

According to an unidentified source in the DCMA, the agency has been having “major system issues, including a number of internal systems.” This incident adds to the string of cyber attacks on US Government systems from the U.S. Central Command’s Twitter and YouTube accounts, the United States Postal Service data breach, the National Oceanic and Atmospheric Administration website compromise, and the White House’s unclassified network breach.

 

What was the Attack Vector?

DCMA employees leverage resources for telework to review federal contracts between external companies and the DoD. At CyberSheath, we have seen a number of successful cyber attacks leverage these third party relationships and integrations to gain access to the internal trusted network of a partner. This methodology also follows the trends of recent attacks against the US Government. Albeit, this is only speculation as we do not have enough information to analyze who and how the attackers breached DCMA.

 

What was the Motivation?

It is highly likely that hackers targeted DCMA in an effort to obtain intel on the entities that hold specific contracts for the DoD so that they may target those entities and breach more sensitive networks. Alternatively, the groups responsible may be trying to release confidential information to the public to embarrass the US Government. In either case, this attack may set the stage for a greater incidence in the coming weeks.

CyberSheath Blog

Dr. Robert Spalding to Address Nation-State Attacks at CMMC Con 2021

Since the inaugural CMMC Con, we’ve seen some of the most malicious attacks on American infrastructure ever executed. The SolarWinds attack reverberated across the entire government as agencies scrambled to discover what nation-state attackers had accessed and stolen. The Colonial Pipeline, shut down by a ransomware attack, led to fuel…

CMMC-AB vice chair Jeff Dalton to address CMMC Con 2021

The swiftness and severity of recent cyber attacks has dominated headlines and revealed that many organizations still don’t quite know what to do to protect themselves, as well as the businesses and government entities they’re connected to.   Ransomware attacks were a big point of discussion at the recent G7…

CMMC Con 2021 Opens Registration, Reveals Theme and Speakers

CMMC compliance stands in the way of revenue for every defense contractor in the supply chain. Now that CMMC is a reality for the Defense Industrial Base (DIB), learn how contractors — primes and subs, large and small, foreign-owned — are handling the standards and requirements, as well as the…

Our Trusted Partners

Cyberark McAfee Thycotic RSA Tenable Alien Vault Alert Logic Microsoft