The Louisiana National Guard was called in to stop a series of cyberattacks aimed at small government offices across the state in recent weeks, according to two people with knowledge of the events.
Further quoting Reuters, “The situation in Louisiana follows a similar case in Washington state, according to a cybersecurity consultant familiar with the matter, where hackers infected some government offices with a type of malware known for deploying ransomware.
Experts investigating the Louisiana incidents found a tool used by the hackers that was previously linked to a group associated with the North Korean government, according to a person familiar with the investigation. While staff at several government offices in northern Louisiana were successfully compromised as part of the campaign, according to the two people familiar with the incident response, the cyberattack was stopped in its early stages before significant harm was done.
The National Guard’s role was investigation, per a spokesman for the State Police.
Why do we care?
Two threads here – long time listeners will note the general “cybersecurity is way worse than we thought”. These are nation state actors targeting small governments.
Second, let’s specifically acknowledge this happened in Louisiana, which as reported multiple times on this show is leading the way on MSP and MSSP regulation. I reached out to the secretary’s office to see if MSPs are involved, but either way, you can be confident that this experience further adds to government’s view of the need for more investment – and note these are small government offices, at the state and local levels…. Also called SMBs.
That’s regulation coming.