Anonymous using Adobe ColdFusion exploit to attack U.S. government

anonymous hackers paypal attack wikileaks guilty plea costs trapwire system

When it comes to Anonymous’ hit list, they go after all the fish in the pond, big and small alike. It turns out that the shadowy hacker-activist group has been diving into U.S. government networks for quite some time now.

Not only has Anonymous waltzed into federal government systems, but they’ve stolen information from “US government computers in multiple agencies,” an FBI memo indicates. The current campaign involves holes in Adobe ColdFusion software, and has been active since December of last year. What’s more, the government found that the exploitable holes were still in place as recently as last month.

So what exactly was stolen? An internal email from Kevin Knobloch, chief of staff for U.S. Secretary of Energy Ernest Moniz, reveals that the personal information of roughly 104,000 employees, family members, contractors,  and others affiliated with the Department of Energy was swiped. Information pertaining to roughly 20,000 bank accounts was also nabbed. It’s worth noting that the U.S. Department of Energy manages the nation’s nuclear arsenal.

Here’s what the FBI had to say on the matter.

“The majority of the intrusions have not yet been made publicly known,” the FBI indicated. “It is unknown exactly how many systems have been compromised, but it is a widespread problem that should be addressed.”

Adobe exploits have sort of been a theme lately. Recently, roughly 150 million Adobe user passwords were leaked, forcing many to change not only their Adobe passwords, but the passwords for any services that used the same password.

 After a seemingly quiet hacking day on November 5, it appears as if Anonymous has been launching plenty of fireworks behind the scenes.