Comment on St. Paul, MN, was hacked so badly that the National Guard has been deployed
sp3ctr4l@lemmy.dbzer0.com 3 days ago
techxplore.com/…/2025-07-fbi-national-st-paul-cyb…
reuters.com/…/minnesota-calls-national-guard-afte…
techcrunch.com/…/minnesota-activates-national-gua…
So, this actually was first detected on Friday July 25, escalated all the way up to the Emergency Operations Center on July 28 (Monday), state of emergency / near total intranet shut down on July 29 (Tuesday).
It seems to me that some kind of rather sophisticated threat actor managed to get into the core … this article calls it a ‘VPN’, but it isn’t technically a VPN, its a secure access tunnel system that city-gov systems and employees use to talk to each other, it almost certainly is not intended to be geared toward broad internet access/usage, beyond accepting user input from public facing government web portals, such as say, people paying their utliity bills online or trying to submit a business liscense application online, things like that.
This system is sounding like it got fully compromised (as in, low level/high privilege level access was secured), and was either sending data out/in through improper IP addresses, and/or was possibly being hijacked to do some kind of DOS attack … on itself?
I am having a really hard time finding any exact details on this, but this is my best guess.
Given that the EOC essentially immediately shutdown everything and called in a National Guard Cybersecurity team, it seems to me that there is a high chance this was done by basically a nation-state level threat actor.
It also at least seems like the systems, the data, the hardware, have at least not yet been locked down in a ransomware style move, which… could be largely due to their just quickly pulling the whole thing offline, or could be because that wasn’t the goal of the attackers… or some combination of both.
SheeEttin@lemmy.zip 3 days ago
Yeah that’s a vpn
sp3ctr4l@lemmy.dbzer0.com 3 days ago
No, no its not.
Its an intranet with a secure portal system in and out if it.
In fact, a primary purpose of a VPN, spoofing your IP/geolocation, pretending you are someone you aren’t… is pretty much antithetical to a highly controlled system of users with varying levels of access to specific, private areas of that system.
SheeEttin@lemmy.zip 3 days ago
The primary purpose of a VPN is to create a tunnel between two networks, hence the name “virtual private network”. I’m very familiar with them as I work with these systems for a living.
L3s@lemmy.world 3 days ago
I’m guessing some people don’t know (or forgot) that site-to-site and remote access VPN’s are a thing, and was the initial purpose of VPN’s. Masking or hiding your location became a benefit after the fact.
Also, we removed the above comment because the last sentence was fairly rude and violates rule 3 @sp3ctr4l@lemmy.dbzer0.com