Monday, December 9, 2024
Homecyber securityPentagon IT Service Provider Hacked: U.S. Government Secrets Exposed

Pentagon IT Service Provider Hacked: U.S. Government Secrets Exposed

Published on

SIEM as a Service

A massive breach in cybersecurity has occurred at Leidos Holdings Inc., which is a key provider of information technology services to the United States government.

Hackers have released internal information, which has raised significant worries regarding the safety of sensitive government data managed by third-party contractors.

During the fiscal year 2022, Leidos secured $3.98 billion in contract commitments, making it the top federal information technology contractor. Leidos is well-known for its substantial work with the Pentagon and other government agencies.

- Advertisement - SIEM as a Service

The company’s clients include the Department of Defense, the Department of Homeland Security, the National Aeronautics and Space Administration, other agencies from the United States and other countries, and commercial organizations.

87% of Leidos’ revenue comes from contracts with the United States government.

According to the Cyber Press report, data consists of one gigabyte of files in the following formats: zip, msg, doc, jpg, png, xls/x, and pdf. These files are associated with Leidos technical assistance and its customers.

Part one of the data set has 451 files representing credits, and part two contains 6,500 files representing bitcoins or dollars.

Download Free Cybersecurity Planning Checklist 2024 (PDF) – Download Here

The documents disclosed are suspected to have been taken during two breaches that occurred in 2022 at Diligent Corp., a platform Leidos uses.

There is still a lack of clarity regarding the precise type and level of sensitivity of the data that were taken; however, the leak has brought to light vulnerabilities in the cybersecurity frameworks of businesses that manipulate sensitive government information.

Join our free webinar to learn about combating slow DDoS attacks, a major threat today.

Document nature
Document nature


On a site dedicated to cybercrime, the documents that had been leaked were found. Bloomberg News examined some of the files, but they could not verify their legitimacy because the details were disguised.

No information regarding the nature or specifics of these documents has been made available to the general public.

Cyber Press report indicates that Leidos has recently become aware of the problem and is investigating to determine the breach’s scope.

Therefore, the corporation has not yet issued a public comment regarding the particulars of the leaked documents or the actions it is taking to lessen the impact of the document breach. Leidos has chosen not to comment on the information that was stolen publicly.



Concerns regarding the potential misuse of sensitive information have been further exacerbated by the threat actor responsible for the breach’s indication that they intend to sell the data in two distinct categories.

Due to this occurrence, the security standards and precautions that government contractors take have been the subject of a more extensive discussion.

A data breach of this nature can have a wide range of repercussions, including financial losses, damage to reputation, disruptions to operations, and legal issues.

Cybersecurity experts warn that breaches such as this can significantly harm customers’ trust and subject firms to harsh scrutiny from regulators and customers.

Through its information technology services and solutions, Leidos, established in 2013 and later acquired Lockheed Martin Corporation’s information technology business, plays an essential part in protecting the nation’s security.

The latest security breach has forced the organization to take urgent action to determine the extent of the damage and strengthen its defenses against future assaults.

Protect Your Business Emails From Spoofing, Phishing & BEC with AI-Powered Security | Free Demo

Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Latest articles

DaMAgeCard Attack – New SD Card Attack Lets Hackers Directly Access System Memory

Security researchers have identified a significant vulnerability dubbed "DaMAgeCard Attack" in the new SD...

Deloitte Denies Breach, Claims Only Single System Affected

Ransomware group Brain Cipher claimed to have breached Deloitte UK and threatened to publish...

Top Five Industries Most Frequently Targeted by Phishing Attacks

Researchers analyzed phishing attacks from Q3 2023 to Q3 2024 and identified the top...

Russian BlueAlpha APT Exploits Cloudflare Tunnels to Distribute Custom Malware

BlueAlpha, a Russian state-sponsored group, is actively targeting Ukrainian individuals and organizations by using...

API Security Webinar

72 Hours to Audit-Ready API Security

APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API inventories and insufficient documentation.

Join Vivek Gopalan, VP of Products at Indusface, in this insightful webinar as he unveils a practical framework for discovering, assessing, and addressing open API vulnerabilities within just 72 hours.

Discussion points

API Discovery: Techniques to identify and map your public APIs comprehensively.
Vulnerability Scanning: Best practices for API vulnerability analysis and penetration testing.
Clean Reporting: Steps to generate a clean, audit-ready vulnerability report within 72 hours.

More like this

DaMAgeCard Attack – New SD Card Attack Lets Hackers Directly Access System Memory

Security researchers have identified a significant vulnerability dubbed "DaMAgeCard Attack" in the new SD...

Deloitte Denies Breach, Claims Only Single System Affected

Ransomware group Brain Cipher claimed to have breached Deloitte UK and threatened to publish...

Top Five Industries Most Frequently Targeted by Phishing Attacks

Researchers analyzed phishing attacks from Q3 2023 to Q3 2024 and identified the top...