The national guard here is looking around for men in black masks in front of computers throughout the city. Its crazy
St. Paul, MN, was hacked so badly that the National Guard has been deployed
Submitted 1 day ago by return2ozma@lemmy.world to technology@lemmy.world
Comments
dumples@midwest.social 17 hours ago
prole@lemmy.blahaj.zone 13 hours ago
Is this a joke or are you serious?
Goddamn it, I can’t tell anymore
dumples@midwest.social 9 hours ago
sp3ctr4l@lemmy.dbzer0.com 21 hours ago
techxplore.com/…/2025-07-fbi-national-st-paul-cyb…
reuters.com/…/minnesota-calls-national-guard-afte…
techcrunch.com/…/minnesota-activates-national-gua…
So, this actually was first detected on Friday July 25, escalated all the way up to the Emergency Operations Center on July 28 (Monday), state of emergency / near total intranet shut down on July 29 (Tuesday).
It seems to me that some kind of rather sophisticated threat actor managed to get into the core … this article calls it a ‘VPN’, but it isn’t technically a VPN, its a secure access tunnel system that city-gov systems and employees use to talk to each other, it almost certainly is not intended to be geared toward broad internet access/usage, beyond accepting user input from public facing government web portals, such as say, people paying their utliity bills online or trying to submit a business liscense application online, things like that.
This system is sounding like it got fully compromised (as in, low level/high privilege level access was secured), and was either sending data out/in through improper IP addresses, and/or was possibly being hijacked to do some kind of DOS attack … on itself?
I am having a really hard time finding any exact details on this, but this is my best guess.
Given that the EOC essentially immediately shutdown everything and called in a National Guard Cybersecurity team, it seems to me that there is a high chance this was done by basically a nation-state level threat actor.
It also at least seems like the systems, the data, the hardware, have at least not yet been locked down in a ransomware style move, which… could be largely due to their just quickly pulling the whole thing offline, or could be because that wasn’t the goal of the attackers… or some combination of both.
SheeEttin@lemmy.zip 9 hours ago
Yeah that’s a vpn
sp3ctr4l@lemmy.dbzer0.com 9 hours ago
No, no its not.
Its an intranet with a secure portal system in and out if it.
In fact, a primary purpose of a VPN, spoofing your IP/geolocation, pretending you are someone you aren’t… is pretty much antithetical to a highly controlled system of users with varying levels of access to specific, private areas of that system.
SlartyBartFast@sh.itjust.works 18 hours ago
What’s Saint Paul gonna do about it?
Complain to Jesus?
WaffleWarrior@lemmy.zip 16 hours ago
🙄
JohnAnthony@lemmy.dbzer0.com 12 hours ago
but at least Abilene was insured against such an attack
Oh, well that’s great. I hope the people, whose identity, medical records, or whatever else was stolen will be compensated accordingly. Would be a shame if the money went into building a new, just as unsafe system.
Not that anyone gives a fuck. At this point the argument is “your data had probably already been stolen somewhere else”…
justlemmyin@lemmy.world 1 day ago
Had to read the article to realise st Paul is a city name. 😅
Also, could it be a 'the call is coming from inside the house " situation?
I remember pedo party hating this mayor. It was all over lemmy during simpler times.
Chulk@lemmy.ml 16 hours ago
Also, could it be a 'the call is coming from inside the house " situation?
I think this is far more likely than China, North Korea, Iran or Russia having a sudden interest in St Paul Minnesota (a city that most people in the US don’t even think about).
Who benefits more from the crippling of city-level liberal governments and stealing their data, Trump or China? If we see ICE conducting surgical raids within St Paul in the coming months, I think we’ll have our answer.
JaymesRS@piefed.world 18 hours ago
Probably not the mayor, the governor of the state was the VP candidate for Kamala Harris.
Zombie@feddit.uk 22 hours ago
Loving the completely unfounded speculation that it must be
EurasiaRussia orEastasiaChina in this thread.Y’all are so deep in propaganda you don’t even know it.
Ilovethebomb@sh.itjust.works 22 hours ago
Lemminary@lemmy.world 22 hours ago
Also:
nbcnews.com/…/chinese-hackers-cisa-cyber-5-years-…
reuters.com/…/fbi-says-chinese-hackers-preparing-…
en.wikipedia.org/wiki/Cyberwarfare_and_China
I guess it’s all just propaganda, huh. We’re just a bunch of gullible buffoons.
Zombie@feddit.uk 20 hours ago
Oh honey, don’t you see the irony of posting the BBC and the government’s cyber security centre to refute claims of propaganda?
Do you believe the most technologically advanced country in the world, with the power of silicon valley, an unlimited budget for the military and CIA, currently being run by an outright fascist, is innocent?
en.wikipedia.org/wiki/Operation_Olympic_Games
independent.co.uk/…/donald-trump-us-hacking-china…
“We have stated our position many times regarding such groundless accusations that lack evidence,” ministry spokesperson Mao Ning was quoted as saying by the AFP news agency.
A spokesperson for the Chinese embassy in the US, Liu Pengyu, denied the department’s allegations. “We hope that relevant parties will adopt a professional and responsible attitude when characterising cyber-incidents, basing their conclusions on sufficient evidence rather than unfounded speculation and accusations,” he said, according to a BBC report.
“The US needs to stop using cybersecurity to smear and slander China and stop spreading all kinds of disinformation about the so-called Chinese hacking threats.”
aljazeera.com/…/us-treasury-hacked-are-china-and-…
It’s always China, Russia, North Korea, and Iran that is jumped to because that is the main adversaries of the west. Never India, or Brazil, or Israel, or Saudi Arabia, all capable countries. With not a shred of evidence it’s always China, Russia, North Korea, and Iran that are speculated.
No speculation that perhaps Mexico and Canada, two countries currently having beef with the US could be to blame. No speculation that it’s a false flag by the US federal government. No, straight to China.
When the Spanish power grid went down straight away the speculation was to Russian or Chinese hacking, investigations aren’t finished yet but it appears to have been nothing of the sort, but instead frequency oscillations in the power lines.
en.wikipedia.org/…/2025_Iberian_Peninsula_blackou…
It could very well be China etc but straight away with no evidence there’s comments like “What are the chances this took place during working hours in China?”.
At best it’s bigoted, at worst it’s U.S. sponsored Lemmy propaganda.
Allero@lemmy.today 22 hours ago
Yes. There are quite a few completely unfounded pieces stating it is Russia or China or North Korea behind thing X with no proofs whatsoever.
These do not go to prove your point.
AwesomeLowlander@sh.itjust.works 22 hours ago
Would you like to name other likely suspects? It’s not standard criminals, there have been no ransom demands. And they’re unlikely to piss off the govt to this extent. Which leaves state actors. Gee, wonder who it might be.
Allero@lemmy.today 22 hours ago
Literally anyone until proven guilty?
DrFistington@lemmy.world 17 hours ago
How long does it take you to put on your clown make up every morning? Attack was made possible with info stolen by doge, which was handed over to Russia, at that point that probably worked with North Korea for the operation
Zombie@feddit.uk 17 hours ago
How long does it take you to put on your clown make up every morning? Attack was made possible with info stolen by doge, which was handed over to Russia, at that point they probably worked with North Korea for the operation
- DrFistington@lemmy.world
Saving this for posterity. Hahahaha. And I’m the supposed clown!
Fucking hell.
Can I see your evidence or do you just telepathically know these things?
shortwavesurfer@lemmy.zip 17 hours ago
We’re at war with East Asia. We’ve always been at war with East Asia. George Orwell, 1984.
disco@lemdro.id [bot] 19 hours ago
Isn’t there an upcoming election in St. Paul?
JaymesRS@piefed.world 18 hours ago
Minneapolis and St Paul (Cross-River sister cities, St Paul is the State Capital) both have mayoral elections on November 4, 2025. The one you’ve been seeing mentioned more likely is the Minneapolis one where the DFL (State Democratic Party) endorsed a candidate for the first time in a bit and it was the challenger to the incumbent Democratic candidate.
Ilovethebomb@sh.itjust.works 1 day ago
What are the chances this took place during working hours in China?
setsubyou@lemmy.world 1 day ago
The article says it started on a Friday morning in Minnesota. It’s clear that that’s when the attack started and not a case of the first guy starting work that day discovering that it happened, because the article also says that they tried to contain it as it was going on, but ultimately failed.
Minnesota is at UTC-5 and China is at UTC+8, meaning when it’s morning in Minnesota, it’s already 13 hours later in China, i.e. middle of the night.
Nimrod@lemmy.world 1 day ago
I don’t see anything in the article that states the attack started that morning. It says that i was “first noticed” early Friday morning:
According to remarks by St. Paul Mayor Melvin Carter, the attack was first noticed early in the morning of Friday, July 25.
I’m not arguing it’s China, just that I didn’t see anything indicating they know when the attack started
outhouseperilous@lemmy.dbzer0.com 23 hours ago
Or maryland. The feds are not friends right now. Arguably ever, but definitely not right now.
Treczoks@lemmy.world 1 day ago
Oh wonderful. Replacing all IT because they were hacked? Let me guess, they will use Windows, Exchange, and MS Office again on the new system. The software triumvirate screaming “please hack me”.
derry@midwest.social 15 hours ago
Project manager: at least I can blame the vendor
sp3ctr4l@lemmy.dbzer0.com 15 hours ago
Entirely seriously, yes.
Most project managers I’ve ever met or known or worked with are basically incompetent technically, and very insecure / in denial about that, and thus vastly prefer the ‘safe’ option of someone else being responsible over the ‘risk’ of… hiring actual quality people that can make/support their own quality product.
CallMeAnAI@lemmy.world 22 hours ago
🤣 should we get a list of foss projects that have had security issues?
Stop this nonsense. You can hate Microsoft for legitimate reasons.
toothpaste_ostrich@feddit.nl 20 hours ago
I mean… For real, I’ve never heard of Linux systems being hacked this way. I’m sure it’s possible, but it certainly seems rarer.
Slipping shit in upstream also certainly doesn’t happen "that* often. It takes effort to become recognised enough as a developer to be allowed access to the upstream code, meaning you can’t automate those kinds of attacks. (I imagine. Correct me if I’m wrong.)
disco@lemdro.id [bot] 19 hours ago
Microsoft is getting hacked every other week.
trolololol@lemmy.world 9 hours ago
Mate have a look at the SharePoint vulnerability. It’s embarrassingly bad. Like really really bad, and btw so bad that it’s very easy to understand and exploit. And prevent too, if a jr in my team did this I’d get them in trouble.