Tags: veterans affairs | cyberbreach | source code | github

VA Launches Investigation After Contractor Publishes Source Code


Thursday, 29 September 2022 05:35 PM EDT

The Department of Veterans Affairs has launched an investigation following a cyber breach involving source code containing sensitive account credentials, FedScoop reports.

Three sources with direct knowledge of the situation told the news outlet that a federal contractor published the information — including hard-coded administrator account privileges, encrypted key tokens and specific database information — on the internet hosting service GitHub.

Six foreign IP addresses cloned the source code within minutes of publication, including at least one from a country hostile to the United States, sources said.

The cloning of the code could potentially grant foreign agents access to application credentials and other data that could allow lateral movement through an agency’s IT systems.

According to FedScoop, secret keys used to access at least 12 applications were exposed as a result of the breach.

Sources told the outlet that the information was leaked online after the contractor allegedly copied source code from a VA-managed GitHub account and published it on their personal GitHub account, which was switched to public mode.

The sources spoke on condition of anonymity because Congress has not yet been briefed on the situation.

The source code was published on July 5, sources said, but IT leadership at the VA did not learn of the breach until Sept. 9, when it was revealed through the Cybersecurity and Infrastructure Security Agency’s (CISA) disclosure program and reported.

After a government department is made aware of a potential breach by CISA, it must work to determine the details of the incident and the type and sensitivity of information that may have been accessed.

Microsoft, which owns GitHub, was reportedly contacted regarding the incident and provided a detection and response team to conduct an analysis of the security risks posed by the leaked information.

Although federal agencies frequently publish open-source code, several senior IT officials told FedScoop that this disclosure was unusual because it involved code being copied from an official agency GitHub source and included sensitive credentials.

"Copying [source code] from government private side to personal is strictly forbidden, so if the repo was private then that’s a firing and dismissal offense," one source told the outlet.

The breach is one of several that have made headlines in recent weeks.

On Thursday, an information technology company that supports U.S. defense and intelligence was apparently victimized by a ransomware attack. BlackCat, a ransomware operation that also goes by the names ALPHV and Noberus, alerted IT company NJVC about the breach.

"We strongly recommend that you contact us to discuss your situation," BlackCat told NJVC, according to a DarkFeed tweet. "Otherwise, the confidential data in our possession will be released in stages every 12 hours."

Also this week, The Hill reported that the Department of Justice charged an Army doctor and his wife, an anesthesiologist, with conspiring to provide military documents to Russia.

Anna Gabrielian, 36, and Jamie Lee Henry, 39, both of Rockville, Maryland, were indicted on Wednesday, accused of conspiring to provide the personal medical records of individuals to Russia to assist the nation in its invasion of Ukraine, according to a Thursday release unsealing the charges.

© 2024 Newsmax. All rights reserved.

