The US Department of Homeland Security (DHS) has released its findings from the investigation into the May 8th ransomware attack on computer systems in Washington, DC.
The DOT identified the attacker as “a state-sponsored entity within Iran.” The attacker was identified as APT33, a group known for its attacks on industrial targets around the world.
The DOT has reported that the attack was most likely the result of the attackers exploiting an unpatched security vulnerability on targeted systems.
According to the DOT, the attack affected critical systems related to transportation services in the DC metropolitan area. The intrusion was reported to have caused disruption of communications services, data loss, and operational problems.
In response, the DOT has stated that it “is currently pursuing both legal and non-legal measures in order to protect the public from any further harm.” This includes increasing awareness of the need for more effective cyber security measures, better communication with government agencies, and seeking damages for the intrusion.
Additionally, the DOT is considering possible sanctions against the attacker and requesting international cooperation in order to prevent similar attacks from taking place in the future.
The DOT has reiterated that its response and investigation were carried out in the interests of protecting critical infrastructure. It has continued to emphasize that all transportation operators and citizens should remain vigilant and take appropriate measures to protect their systems.