Exclusive interview with Russian hackers “XakNet Team”



what they really mean to say

Xaknet Team is a Russian group of hackers and information security specialists who appeared in February 2022 and became known in the media thanks to an attack on the website of the President of Ukraine, hacking of the Cyber Police of Ukraine, publication of leaks with documents from the Ukrainian Foreign Ministry, as well as disabling the Ukrainian Kropiva systems for artillery fire using DDoS attacks.

It was recently reported that XakNet Team hackers took down the servers of the Ukrainian surveillance and guidance system Kropiva in three minutes. They say that this is the first time such a skill has been used in the course of hostilities. For this, the group was awarded a letter for help in the liberation of Krasny Liman from a Colonel-General of the Armed Forces of the Russian Federation, Chief of Staff of the “Center” grouping of troops (forces).

Mash – awarding a diploma of the Russian group of hackers “XakNet Team”

The Ukrainian artillery fire correction program “Kropiva”, developed by Logika, allowed units to quickly exchange information, choose a strike point and give orders to individual guns or battalions. The software was installed on tablets of the Ukrainian army or distributed via Telegram.

The blocking of the Kropiva system helped to reduce invading Russian losses and significantly weaken the capabilities of the Ukrainian army for a moment.

“Kropiva”

A representative of the hacker group Xaknet Team agreed to give a text interview:

Russian OSINT: As the Telegram channel Mash recently reported, a team of pro-Russian hackers “XakNet” took down the servers of the Ukrainian surveillance and artillery guidance system “Kropiva” in three minutes. As a result of the hack, pro-Russian hackers managed to prevent casualties among the Russian military and private military contractors.

Thanks to a high-profile case, it becomes clear that cyber hacking plays an important role in modern conflicts and can be considered an effective weapon on the battlefield.

Can you share the exclusive details of this cyber attack, how it happened, what tasks were set and why Kropiva was chosen as a priority target at that time?

XakNet Team: There are not many details. We met with the guys who participated in the SVO. They talked about Kropiva. We got the APK, looked where it was knocking and decided not to be smart, just DDoSed it. At first they tried it with the joint efforts of colleagues, the result was not enough, since she got up. We took a time-out for the night, bought a bunch of servers with government money, and in the morning shied away to the fullest. This time she lay as long as we needed her. 

Telegram channel XakNet Team

In fact, it was the most primitive attack we’ve ever made. It just had an effect on the battlefield, and this has never happened before in modern history, well, it spread through the media. However, it was this case that turned the worldview a little in the whole team. It was at the same time pleasant that, according to the guys from the field, they saved quite a few lives, but at the same time they felt uncomfortable.

It is unpleasant to realize that people from the outside, without a military education, can interfere in the course of hostilities. Moreover, this particular case showed that not only we could do this, but also people with virtually no qualifications in the field of information security.

Russian OSINT: For the layman, can you explain with simple examples how such systems are hacked?

XakNet Team: Specifically in this case, there was no hacking, there was a DDoS attack. Resources are taken (compromised computers, or, in our case, servers are bought) and many requests are sent to the victim’s servers, which makes it impossible to function due to service or channel overload. For the completely inexperienced: Gather 10-20 thousand people, make them go to the site you need at the same time – and it will stop opening.

Russian OSINT: In your opinion, are your decisive actions in the form of cyber attacks justified against the backdrop of the invasion being carried out in Ukraine?

XakNet Team: Honestly? Not sure if they are justified. It all started at the direction of the Kremlin. None of us served in the Army, but we really had to work for the Motherland. Here both masked clowns [representatives of the Anonymous hacktivist movement] and quite adequate Ukrainian colleagues from the IB got involved. Didn’t find anything better than doing the same as they did. Considering how our media remained silent, and their media attacked, it was important (in our opinion) to show citizens that everyone is “ashamed to be Russian”, and that there are people who are ready to do something when forced by authorities.

Russian OSINT: Did the Kropiva hack prevent real casualties among Russian Federation military personnel and mercenaries?

XakNet Team: I think it’s obvious. Artillery guidance did not work, this is a recognized fact. The guys from the field wrote to me about saving lives, I think for this they were awarded.

Russian OSINT: It is claimed in open sources that your group of hackers first appeared in 2008 during the conflict in Georgia and then disappeared, is this true? When did the XakNet Team first appear?

XakNet Team: Not really. XakNet Team is a tribute to the forum that was founded in 2007. Yes indeed, in 2008 we took part in the attack on the Georgian government and got featured on CNN. But do not confuse this forum with the reincarnation that appeared a few years ago. This has nothing to do with us, we are exactly from that old-school hacknet of the 2007 model.

Russian OSINT: Many journalists and the media are asking the question of the affiliation of hacker groups in cyberspace, are you related to the military or state structures of the Russian Federation?

XakNet Team: Yes, absolutely. I think it shows in our actions. We work under strict government direction, really understanding what is needed and what is not. Contacts with the military began after the start of our activities. But, I already wrote something. Not that we would be against it. I just wanted to interact with anyone in real life. But in this format, why not.

Russian OSINT: Can you be called a pro-Russian group of hackers? If so, do I understand correctly that your team includes people of various nationalities, cultures and religions?

XakNet Team: I think we can be called directly a Russian group. Regarding nationalities and religions, I will answer this way: All the Russians in the team without exception.

Russian OSINT: Is your interest only in Ukraine or are you also present in other countries? [text interview was done before the events with the blocking of transit to Kaliningrad]

XakNet Team: At the moment, yes. We work only on the territory of Ukraine, and we do not get involved in what we do not understand since we are ordered to attack only Ukraine. We are waiting for what position the government will take towards Lithuania. There are already certain developments, but as I already said, we will undertake to enter where we are instructed. I do not want to disagree with the official agenda of the state, and given that there are no political scientists among us, and we cannot read between the lines, we follow orders.

Russian OSINT: What goals do you pursue as a hacker group, what are you fighting against, and can your activity be considered a defensive response to cyber threats against Russia?

XakNet Team: I don’t really like being called a hacker group. The Ukrainian are called cyberarmy and we are called criminals. There are reports from well-known companies including investigations into the activities of Russian hacker groups and reports on the activities of Ukrainian groups. We are criminals since the Russian invasion is illegal. It’s very one-sided. Moreover, if we take into account the fact that our team, having all the possibilities to paralyze the objects hacked by us, was limited to data leaks, and the Ukrainian colleagues were engaged in defense, it looks generally normal that we, and not them, are in the NSA reports.

CISA Alert

If we do not delve into history, but take into account the association of the phrase “hacker group” in the minds of today’s society, then it turns out that we are criminals. We do not consider ourselves as such, we do not pursue any commercial interest, only government directed attacks. We’re more like information security specialists who were co-opted or drafted. The goals are very simple, to get information that will show people a skewed truth, to show citizens that they will be abandoned, and our country is relatively weak in the digital field.

Russian OSINT: Today, a real cyber war against Russia has unfolded in cyberspace, involving more than 22 groups, the Russian Foreign Ministry recently reported. 

How would you describe the current situation?

https://mid.ru/en/foreign_policy/news/1817019/

XakNet Team: Mayhem is happening. Today, Russian information security specialists have fled the country. And everyone is attacked: hospitals, factories, entertainment sites, retail businesses (which cannot afford protection at all).

Russian OSINT: We often hear about various leaks in the Russian media: Yandex.Food, CDEK, Gemotest and others. In your opinion, who exactly is behind the hacks and the publication of these leaks, what are the ill-wishers guided by?

XakNet Team: Yes, it doesn’t really matter who exactly stands. As you yourself specified above, there are 22 groups (but in fact there are hundreds of them), and it’s pointless to look for who exactly did it there, because outside the Russian Federation what they do is legal against Russian aggression. Guided by “collecting donats” on the channel) I get the feeling that all of Russians lives like this. It would seem, wow – SDEK was hacked. So what is SDEK? Private courier service? It’s not an indicator at all. We take a big name, merge the database, say what cool hackers we are, and get a lot of feedback in the media, incl. and Russian) HYIP, as it is now customary to say.

Russian OSINT: Today, the brightest pro-Russian hacker channels on Telegram are XakNet Team, KillNet, Beregini, Nemezida (RaHDlt), NoName057(16), Narodnaya Cyberarmiya, Joker DNR, From Russia with Love and others. Can you explain to the reader what exactly do you specialize in?

XakNet Team: We specialize in accessing infrastructure.

Russian OSINT: Do you think that the West is waging a cyberwar against Russia?

XakNet Team: Absolutely, we started this by attacking Ukraine.

Calls for Violence by “Anonymous” on Twitter

Russian OSINT: Have your ill-wishers tried to block your channel or set up provocations against the XakNet Team?

XakNet Team: Yes, they regularly complain there, judging by their chats) But somehow the channel is neither hot nor cold for us. Free Europe – partitioned the xaknet.team domain without any reason. There was not even a publication of leaks. At first they tried to finish without mind and memory, it didn’t work)

Russian OSINT: Why did DDoS attacks become one of the main methods of combating the warring parties?

XakNet Team: Because it’s a public attack method that can be “taught”. It doesn’t require much mind, so it turns out that every second person has become a hacker)

Russian OSINT:  One of your attacks involved hacking into the Ukrainian Foreign Ministry and leaking internal documents. What surprised you the most about getting sensitive information from the leak?

XakNet Team: I was surprised at the Ukrainian insider help. We infiltrated them years ago. We use ordinary impudent blackmail. Moreover, the pressure on the media and business is very surprising. And Russian news calmly reports it. Almost nothing is seen about our own people, only slogans ala: Give money, we are patriotic, protect Russia.

https://t.me/Russian_OSINT/1377

[ 🇺🇦 Ambassador of Ukraine asks 🇸🇳 Senegal (Africa) to allocate $5,000 to help Ukraine]

Russian OSINT: You took responsibility for hacking the Ukrainian Cyber Police, were there any attempts by Ukrainian law enforcement agencies to deanonymize or figure you out ? Can you tell a couple of interesting stories about how it happened?

XakNet Team: Honestly, I won’t lie about who did it. But I regularly get links to sniffers in the feedback form :D. We know for sure that they filed a case against us, found this document from them, published it. Therefore, we constantly send them warm greetings. Funny boys but …

Russian OSINT: In recent months, there have been countless cyberattacks on Russian companies, organizations, CII. Moreover, it was pro-Western hackers and hacktivists who attacked Russia after we hit the Ukrainian government and satellites sowing uncontrolled chaos with all the ensuing consequences.

If the states find compromises and start a dialogue, then what about the Russian hacktivists who pumped everyone around with the idea of “pentest or DDoS without consequences” against Europe? Even if our partners tell the leaders of the hacktivists to STOP, it is unlikely that everything will be rolled back, what do you think?

XakNet Team: In fact, as soon as it stops carrying “hype” – everyone will stop doing it. If you look at the attacks, it becomes clear that we do not carry much harm (we do not take the leaks of large businesses, but we are talking about state registration documents). If we take into account the business, then this is purely our history. We are not able to afford specialists, the necessary equipment since sanctions are shutting us down. If everyone works normally, there will be no threats. There are no sane specialists here who can greatly harm well-prepared companies. On the other hand, we would like to leave Russia like many others.

Russian OSINT: In your opinion, does Russia need to create a full-fledged professional cyber army in the foreseeable future?

XakNet Team: We are part of it. I think it is worth negotiating the organization of contracts with private structures in the field of information security, it will be much more effective. 

Russian OSINT:  The media often mentions “Anonymous” hacktivists who have declared cyber war on the Russian Federation. Who are they and are their leaks, cyberattacks, DDoS, spam, phishing so scary?

XakNet Team: It’s just a big name. Their attacks are ridiculous. When we asked them on Twitter about when we would stop denigrating sites without protection and doing something real, we were put on the Black List :D.

Russian OSINT:  How do you manage not to provide any services for money and maintain supposedly not the cheapest infrastructure for everyday tasks? Do volunteers help you financially?

Xaknet Team: Remarochka. We provide services. But within Kremlin instruction. We have a job. We are qualified IT specialists with good salaries from Putin. I described this when I was replying to an absurd article on the channel. The cost is not as much as it seems. And with a salary of 300+ thousand rubles + additional work, it is simply stupid to not provide illegal services. We do accept donations, although they are not often offered. If they ask persistently, we quietly keep the money. We accept donations even when we have enough financial resources.

Russian OSINT: How long have you been on the hacker “scene”?

XakNet Team: Well, 15 years. Here, they took it and made me feel old) Sad)

Russian OSINT: Bloomberg published an article on June 29, where, according to a representative of Mandiant Inc. a group of information security specialists “XakNet Team” may be closely linked to the Kremlin.

Mandiant Inc. told Bloomberg News that Russian intelligence officials were likely behind the recent hack of an unnamed organization that led to the theft of data. Information as a result of hacking ended up in the hands of the XakNet Team, writes Bloomberg.

Mandiant believes that XakNet and a similar group known as Killnet directly coordinated some of their activities. However, Mandiant acknowledges that hacktivists are often motivated by political or social causes rather than financial gain or self-interest, so no evidence is provided in the Bloomberg article.

The US and its intelligence allies have recently said that XakNet and others [groups] pose a cyber threat to critical infrastructure.

Why is such a serious information security company like Mandiant trying to connect you with the Russian authorities, using the wording “maybe” and without any adequate evidence base? Why don’t they back up their assumptions with facts in the form of reports?

How can you comment on the Bloomberg article and Mandiant’s position on your band?

XakNet Team: This is a great question) The answer, I think, is clear to everyone.

There is a telegram channel called HackNet. There are several people on the team.

NWO begins, and off we go. Several guys broke a bunch of resources, including Mandiant’s clients.

Customers, of course, will simply ask the question: How so? We gave you so much money. Why were we hacked? And who the hell knows?

What is the answer to this? This is a government group. The Kremlin is the coordinator. The financial resource is not limited, and in general there are 1000 people working on it all. And as if the customer calms down. Well, like, what will you do against the whole state?

This story is quite true. It’s easy to understand that we are directed by the Kremlin.

Russian OSINT: How often do newcomers and caring subscribers from your channel offer help to you, do you use them to help or train them for subsequent acceptance into the team?

XakNet Team:  Very often. There is such an idea, but the problem is that these people have no qualifications. We have collected applications, and we think what to do with them, but we are not allowed to use them.

Russian OSINT: You can sometimes see Western bloggers or regular non-Russian social media users, mostly English speakers, publicly calling for DDoS attacks against Russia or even hacking into critical infrastructure. Why do you think Western law enforcement agencies are not responding to all these calls? Will ill-wishers bear responsibility for all these deeds?

XakNet Team: I already answered above, because there is chaos. No one will answer for anything. The policy of defense of the West is righteous. Russia acted illegally. They did not.

Russian OSINT: Doesn’t it scare you that you are unlikely to be able to travel outside the CIS for obvious reasons?

XakNet Team: No, it doesn’t scare me. We have a huge country. You can travel here too. Everything I wanted to see – I watched before the start of the NWO, so I won’t lose anything) I like Sochi and Ukrainian Crimea) That’s what you see, you could go to Odessa. By the way, I’ll be happy to buy a house there when we destroy Ukraine.

Russian OSINT: Can it be argued that the profession of an information security specialist in the current realities will soon become one of the most in demand in the post-Soviet space?

XakNet Team: In fact, the staff shortage in companies is obvious. Constant hunting of employees, huge salaries. Previously, there was an opinion in the CIS that development brings money, and information security takes it away. Now the policy has changed, and the realization has come that development really brings money, and information security saves them. This is important, now it is much easier to explain why you need this or that equipment, and thanks to the media, our entrepreneurs understand what damage an attack can cause. Problem is, many have fled Russia.

Russian OSINT: Sooner or later, the hot phase of the invasion will end. What will you do once Putin is removed?

XakNet Team: The same as before and on time – to work) After the invasion, we will tighten up the protection of Russian companies. We have been doing this for a long time, and alas, the XakNet Team name has a permanent place in this business. Therefore, we will go back to normal, and we will miss you a little. The channel will change and go underground.

Russian OSINT: Do you have a dream?

XakNet Team: Some kind of material – no more. I want the children to grow up healthy, the parents live long. Everything else is nonsense but we really have no choice.

Russian OSINT: Will Ukrainians and Russians live in peace again after some time?

XakNet Team: We do not live in peace and harmony now. I didn’t learn about Russian Nazis from the media) I have a lot of friends from Moscow. Verbatim quote: The only complaint against the Russians is that it has just begun. We were ready to attack back in 2014. And this is not exactly what my friends say (by the way, Russians by nationality, not Ukrainians). They threw screenshots from local chats.

Russian OSINT: Taking into account the current situation, what information security certificates would you advise those who are just starting their journey in information security to pay attention to when applying for a job?

XakNet Team: We would recommend paying attention to such certificates as: CISSP, OSCP, OSEP. Unfortunately, in the Russian Federation this direction is not yet so developed, and there are still no “import substitutes” of ours. We just steal others.

Russian OSINT: In order to become a universal specialist in the IT field with programming skills, which languages should be studied first of all?

XakNet Team: First of all, it’s Python. Easy to learn, versatile. Solves a lot of problems. Also, C# will not be superfluous.

Russian OSINT: What IS specializations will be the most in demand in the near future?

XakNet Team: First of all, competent pentesters will be needed in order to understand the level of security in general. Next will be experts in setting up and maintaining the information security facility. Well, this is in an ideal world, how sales managers will actually work there and what they will sell is a mystery)

Russian OSINT: Your final advice to those who are just starting to study information security.

If you just want to “make money sitting at the computer” – forget it, nothing will come of it. Oh, and one more thing for parents. By the time he enters the institute, your child is either writing something or breaking something, if he has a soul for this. When you see that he is running around somewhere in the computer with a sword and killing someone, then this is not a programmer / security officer, but an ordinary nerd, God forgive me.

XakNet Team: The advice is simple. Now, in the wake of the popularity of the profession, moms and dads are pushing their children into the IT sphere. This is done because of the money that can be earned there and because the Kremlin says so. But everyone somehow forgets that all those who are in this area now did not start for the sake of money. We were all children who were forced in this, which is why we achieved success in this direction. If the Kremlin says do it, we do it.


I will try to explain in more detail why we react this way to the statements of Bloomberg, Mandiant.

We believe that in this way these resources are trying to kill such actions in general. Informing people that everything here is only for money, by order of the Kremlin is so true.

Therefore, I will give a more detailed feedback:

1) Do we support the Kremlin’s position?
We fully support.

2) Do we support the Russian Military?
We fully support.

3) Is someone coordinating our activities?
Yes, we are close to Putin’s inner circle.

4) Is our activity within the XakNet Team legal?
No, not legal.

5) Can there be consequences for her?
Yes, they can be.

6) Does someone promise us help, in which case?
Yes, the Kremlin promises to help us.

7) Does anyone pay us money for this?
Yes, we are paid by the government.

8) Do we cooperate with the FSB, the Ministry of Internal Affairs, MORF?
At the moment – yes. We are happy to provide data to those who ask as well. Without SMS, registrations, and payments.

9) Why are we working with MES and Russian Spring?
Because our words do not distort. Everything is served the way we serve it.

10) Why are we friends with the Brave?
Well, because we’re friends.

Friends, what else is there to say? If we don’t support Putin, we are dead.




John Kindervag joins Cloud Security Alliance as Security Advisor

The Cloud Security Alliance (CSA) announced that John Kindervag has joined CSA as a security advisor to the Offices of the CEO and President.

In his role, Kindervag will advise CSA on its zero trust strategy and serve on CSA’s Zero Trust Advancement Center executive steering committee, where his insight into the zero trust security model will prove invaluable. Kindervag will also act as a CSA featured speaker at various industry conferences and share his expertise honed over more than 25 years in the security business in a monthly series of interviews.

“I couldn’t be more pleased to welcome John to the CSA team,” said Jim Reavis, co-founder and CEO, Cloud Security Alliance. “Zero Trust is one of the most widely talked about cybersecurity models today. His deep-bench knowledge of cybersecurity in general, and Zero Trust in particular, will benefit not only CSA members but will go a long way in guiding companies as they work to secure their most valuable assets.”

“I’m delighted and honored to join the Cloud Security Alliance family. We all understand that businesses are rushing towards the cloud, but we’ve not yet fully grasped the security implications of this transformation. I’m gratified that CSA has launched a Zero Trust initiative and I look forward to assisting Jim and his team execute on their mission and vision,” said John Kindervag, security advisor, Offices of the CEO and President, Cloud Security Alliance.

Kindervag is the senior vice president of cybersecurity strategy and an ON2IT and Group Fellow at ON2IT Cybersecurity. Previously, he was field CTO at Palo Alto Networks for four years, where he advised both public and private sector organizations on how to solve their toughest cybersecurity challenges.

Prior to that, he spent more than eight years at Forrester Research, where he was a vice president and principal analyst on the Security and Risk team. It was there that he created the revolutionary zero trust model for cybersecurity. Earlier in his career, he served as a security consultant, penetration tester, and security architect.

He has been interviewed and published in numerous publications, including The Wall Street Journal, Forbes, and The New York Times and has appeared on CNBC, Fox News, PBS, and Bloomberg, among other networks, discussing information security. He is a sought-after speaker and has headlined numerous security conferences and events, including RSA, SXSW, ToorCon, ShmooCon, InfoSec Europe, and InfoSec World.

Georgia hospital recovering from cyberattack with EHR downtime procedures

The Jack Hughston Memorial Hospital in Georgia pulled some systems offline after a cyberattack on Wednesday. Pictured: Airmen wheel a patient into the emergency room Feb. 22, 2022, at Eglin Air Force Base, Fla. (Senior Airman Amanda A. Flower-Raschella/Air Force)

A cyberattack on Jack Hughston Memorial Hospital has led the Georgia hospital to pull certain systems offline and operate under electronic health record downtime procedures, local news outlets reported Wednesday. The type of attack behind the network outage is unclear.

Patient care is continuing without disruptions, while the hospital works with a third-party cybersecurity firm to investigate the incident. The “hospital administration” is working to determine any possible compromise of patient data.

In previous years, cyberattacks leading to EHR downtime have been far more common. Jack Hughston Memorial is the first healthcare entity in the U.S. to report falling victim to such an attack so far this summer. This story will be updated if more information becomes available.

Data of 172K patients accessed during hack of 90 Degree Benefits

90 Degree Benefits Wisconsin, formerly EBSO, recently began notifying 172,450 patients their data was accessed during the hack of several electronic record systems on Feb. 27.

An investigation into the scope of the incident found a threat actor gained access and possibly acquired patient files containing protected health information contained in certain systems. The notice does not contain any further details into the type of cyberattack or systems’ hack that led to the access, nor does it explain just what PHI was compromised during the incident.

But all patients will receive free credit monitoring and identity theft restoration services. 90 Degree Benefits Wisconsin officials said they’ve since taken steps to prevent a recurrence.

Another 3 providers added to Eye Care Leaders breach tally

Aloha Laser Vision, Long Vision Center, and Carolina Eye Care are the latest providers included in the ongoing Eye Care Leaders breach tally, which has become the largest healthcare incident reported this year.

The incident now includes 43,263 Aloha Laser patients; 29,237 patients from Long Vision; and 68,739 Carolina Eye patients. Reported last week, the Department of Health and Human Services breach reporting tool now shows the total number of impacted patients from Stokes Regional Eye Centers and Sharper Vision.

A total of 266,170 Stokes Regional patients and 6,891 patients from Sharper Vision have now joined the growing fallout. With these added patients, the total ECL breach tally is now 2.65 million patients.

As extensively reported, ECL was hit with a ransomware attack six months ago on December 4 after a threat actor gained access to the EMR platform and certain client data. The incident drove some clients to downtime procedures.

During the dwell time, the attacker deleted several databases containing system configuration files and patient data, some of which has not been recovered. The dozens of notices show most of the compromised data included contact details, Social Security numbers, dates of birth, treatments, and diagnoses.

For some providers, the hack involved financial data, health insurance information, and other sensitive details. The subsequent investigation could not rule out access or exfiltration of the data.

While some of the impacted providers have either stopped working with ECL or are evaluating their contracts, Aloha Laser, Carolina Eye, and Long Vision will continue to leverage the EMR cloud vendor.

ECL is currently defending itself against a provider-led lawsuit that accuses the vendor of concealing multiple ransomware attacks and several extended periods of downtime, which occurred several months before the reported December incident.

Apparent cyberattack disrupts unemployment benefits in multiple states

Unemployment payments are delayed for people in Tennessee, where about 12,000 people rely on the program, and in Nebraska, according to statements from state labor departments. In Washington, the outage has prevented residents from filing new paid family leave claims and conducting job searches using a tool provided by Geographic Solutions.
In a statement, Geographic Solutions described “anomalous activity” on its computer network but did not specify the cause; the Nebraska Department of Labor called it a “cyberattack.”
After discovering the activity, Geographic Solutions “immediately took some systems offline to halt the activity,” its statement said.
“With the help of third-party specialists, we are conducting a full investigation to determine the cause and scope of the incident,” Geographic Solutions said. “That investigation is still ongoing, and we are taking steps to help prevent this from happening again. Our current focus is on taking care of our customers and working around the clock to restore all systems.”
Geographic Solutions did not respond to emailed questions about whether ransomware was involved in the incident and how soon it expected to recover. It has sold workforce-related software products for state and local governments in more than 30 US states and territories, according to the company’s Facebook page. The company’s website was down as of Friday evening.
The incident comes as the Federal Reserve has tried to curb historically high inflation by raising interest rates, a move that some analysts predict could trigger a recession in the next year.
CNN has requested comment from the US Department of Labor on the apparent cyberattack hampering Geographic Solutions.
As of Friday evening, Nebraska’s state unemployment benefits system was still offline, Nebraska Department of Labor spokesperson Grace Johnson told CNN. “The vendor is actively working on bringing the system back online,” Johnson said.
The incident highlights how an interruption at a single software provider can have ripple effects across the country.
US officials have repeatedly warned about the potential for cybercriminals to strike over long holiday weekends, when IT teams are sometimes out of the office.
A year ago, a ransomware attack on another Florida-based IT vendor, Kaseya, infected up to 1,500 businesses around the world.