The Department of Homeland Security warned of a recent cyberattack directed at the agency in an “emergency directive” issued Tuesday.
“[A]ttackers have redirected and intercepted web and mail traffic, and could do so for other networked services,” according to the directive.
The attack is believed to be out of Iran, according to ZDNet.
The emergency directive requires all employees to take multiple login precautions, including changing passwords and implementing multifactor authentication, and all agency-related domains will be audited.
The attacker tampered with the domain name system and was able to redirect site traffic. The hijacker, however, was also able to obtain encryption certificates for organizations’ domain names, which allows any redirected traffic to be decrypted, revealing any data the user submitted.
The DHS directive will stay in effect for an unspecified time, according to the statement.
In the meantime, the Cybersecurity and Infrastructure Security Agency will continue to track the series of incidents and will regularly provide technical assistance.
The new cybersecurity agency, as part of the Department of Homeland Security, is affected by the ongoing partial government shutdown that has left some 800,000 federal employees either furloughed or working without a paycheck.
